Zamfoo – Multiple Reseller Security Vulnerabilities

June 17, 2013 - by RACK911 Labs

Product Description:

The Zamfoo software suite is a series of WHM plugin modules (also known as WHM addon modules) catered towards easing the burden of web hosting providers that sell shared hosting solutions using the Cpanel and WHM hosting platform. Hundreds of companies use our software to create Alpha WHM and create Master WHM hosting accounts.

Vulnerability Discussion:

Due to a series of ACL failures and failing to sanitize input, a malicious reseller can access the restore feature under Zamfoo and using a certain URL have the software execute commands as root.

Uninstall Instructions:

cd /root
wget http://www.zamfoo.com/downloads/zamfoo_uninstaller.tar
tar -xvf zamfoo_uninstaller.tar
chmod +x uninstall.cgi
./uninstall.cgi

Just to be sure:

rm -rf /usr/local/cpanel/whostmgr/docroot/cgi/zamfoo

Vendor Contact Timeline:

2013-05-31: Vendor contacted via email.
2013-06-03: Vendor contacted via email again.
2013-06-03: Vendor confirms vulnerability.
2013-06-13: Vendor contacted via email seeking update.
2013-06-13: Vendor states a patch is “to be” worked on,
2013-06-13: Rack911 issues warning to disable software.
2013-06-13: Vendor threatens to sue.
2013-06-15: Vendor issues patch two weeks from initial contact.
2013-06-17: RACK911 Labs issues a general security advisory.

About Us:

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911