Three vulnerabilities are identified in the Hosting Control Panel. Idera thanks www.rack911.com for bringing these issues to our attention and working closely with us on resolution.
Severity
Idera rates these vulnerabilities Critical.
Risk Assessment
A link following weakness was discovered in the Server Backup Manager Hosting Control Panel Web interface. A control panel user can download files outside of their home directory if they have permission to list the files. If the control panel user’s home directory is on the root filesystem or the Linux kernel version is older than 3.6, this could include the Linux /etc/shadow file.
A path traversal weakness was discovered in the Server Backup Manager Hosting Control Panel Web interface. A control panel user can download files to locations outside of their home directories.
A UNIX symbolic link following weakness was discovered in the Server Backup Agent. A control panel user can use the restore functionality to delete files outside of their home directories. The user is unable to replace files. This issue can lead to a denial of service if the target files are critical system files.
Risk Mitigation
Users must use one of the following options:
- Immediately upgrade to Server Backup Manager SE 5.4.2 and Server Backup Agent 5.4.2 or later
OR
- Disable all configured Hosting Control Panel instances on your SBM policies. This action prevents a control panel end user from exploiting the vulnerabilities.
Vulnerability
Affected versions include:
- Server Backup Manager SE 5.4.1 and earlier
- Server Backup Advanced Edition 5.2.2 and earlier
Fix
 | Upgrade Note: Server Backup Advanced users A fix is not yet available for Server Backup Advanced Edition users. These users should disable hosting control panels in their policy(s) until a fix is available. |
These issues are fixed in Server Backup 5.4.2, which you can download from the customer download portal at http://repo.r1soft.com. You must upgrade both the Server Backup Manager and Backup Agent.