Date: Wed, 21 Dec 2016 17:10:54 -0500
From: Luka Pusic <>
To: "" <>
Subject: CVE request - Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation

Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation
Vendor Homepage:
Software Link:
Affected Versions: 0.9.7 and up to including 0.9.8-16

Vesta CP's default install script adds the /usr/local/vesta/bin/ directory to /etc/sudoers.d with the NOPASSWD option for the default "admin" user. All programs in the /usr/local/vesta/bin/ directory can therefore be run as root. A command injection vulnerability in the "v-get-web-domain-value" script can be exploited to run arbitrary commands and escalate from the admin user to root.

Parameter $3 (key) in v-get-web-domain-value is not properly sanitized before being passed to bash eval.

GitHub issue:
GitHub fix commit:

Remove the "v-get-web-domain-value" script file, because it is no longer used.
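The following is an added illustration, not part of this advisory and not Vesta's own code. It is a constructed bash script in the shape the report describes: a lookup key spliced into a string handed to `eval` without validation, shown beside a version that accepts only whitelisted keys, plus a small check over a constructed sudoers.d fragment that flags NOPASSWD rules whose command spec is a whole directory (every executable placed there, now or later, becomes root-equivalent). The variable names, sample values, function names and the sudoers line are all assumptions for the example.

```bash
#!/bin/bash
# Constructed example of the vulnerable pattern described in the advisory.
# It is NOT the real v-get-web-domain-value script; names and values are made up.

# Simulated per-domain record (constructed sample values).
DOMAIN='example.com'
IP='192.0.2.10'
TPL='default'

# Vulnerable lookup: the caller-supplied key is interpolated into a command
# string and run through eval. A key such as 'IP; echo INJECTED' turns into
# `echo $IP; echo INJECTED`, so the second command runs with the script's
# privileges (root, when invoked through a NOPASSWD sudo rule).
unsafe_get_value() {
    local key="$1"
    eval "echo \$$key"
}

# Hardened lookup: only known keys are accepted, and the value is read with
# bash indirect expansion instead of eval, so no caller input is ever parsed
# as shell code. Anything else is rejected with a non-zero status.
safe_get_value() {
    local key="$1"
    case "$key" in
        DOMAIN|IP|TPL) printf '%s\n' "${!key}" ;;
        *) printf 'Error: unknown key "%s"\n' "$key" >&2; return 1 ;;
    esac
}

# Constructed sudoers.d drop-in in the shape the advisory describes: the whole
# bin directory granted to "admin" without a password prompt.
SAMPLE_SUDOERS='admin ALL=(ALL) NOPASSWD: /usr/local/vesta/bin/
Defaults:admin !requiretty'

# Print NOPASSWD rules whose command spec ends in "/", i.e. grants a directory.
# On a live host the same check can be run over /etc/sudoers.d/* to find
# rules that make every script in a directory a potential root-escalation path.
nopasswd_dir_rules() {
    printf '%s\n' "$1" | grep -E 'NOPASSWD:.*/$'
}

# Demo output when the script is executed directly with VESTA_DEMO=1.
if [ "${VESTA_DEMO:-0}" = 1 ]; then
    echo '--- unsafe lookup with injected key ---'
    unsafe_get_value 'IP; echo INJECTED'
    echo '--- safe lookup with the same key ---'
    safe_get_value 'IP; echo INJECTED' || echo "(rejected, status $?)"
    echo '--- directory-granting NOPASSWD rules ---'
    nopasswd_dir_rules "$SAMPLE_SUDOERS"
fi
```

Run it as `VESTA_DEMO=1 bash script.sh` to see the injected command fire in the unsafe variant and be rejected in the safe one. The whitelist `case` is the important part: validating the key against a fixed set of names removes the injection regardless of how the value is later fetched, whereas escaping input that is still fed to `eval` is fragile.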
