SolusVM – Reseller Panel Arbitrary Command Execution Vulnerability
Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.
Due to user input not being sanitized, it is possible for a malicious reseller to run arbitrary commands on the master node as the root user.
Vendor Contact Timeline:
2015-06-10: Vendor contacted via email.
2015-06-10: Vendor confirms vulnerability.
2015-06-11: Vendor issues updates to all builds.
2015-06-13: RACK911 Labs issues security advisory.
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119