CVE-2012-2087

9.8 CRITICAL

📋 TL;DR

This vulnerability in ISPConfig 3.0.4.3 allows authenticated users with 'Add new Webdav user' permissions to execute chmod and chown commands on the entire server through the client interface. This affects all ISPConfig installations running version 3.0.4.3 where the WebDAV user management feature is enabled.

💻 Affected Systems

Products:
  • ISPConfig
Versions: 3.0.4.3
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the WebDAV user management feature to be enabled and a user with 'Add new Webdav user' permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing attackers to modify file permissions and ownership across the entire system, potentially leading to privilege escalation, data theft, or complete system takeover.

🟠 Likely Case

Unauthorized users gaining administrative control over web server files, allowing them to modify website content, install backdoors, or access sensitive data.

🟢 If Mitigated

Limited impact if proper access controls and network segmentation are implemented, restricting the attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.4.4 and later

Vendor Advisory: http://www.ispconfig.org/

Restart Required: No

Instructions:

1. Back up the current ISPConfig installation.
2. Update to ISPConfig 3.0.4.4 or later.
3. Verify WebDAV user permissions are properly restricted.

🔧 Temporary Workarounds

Disable WebDAV user management

Temporarily disable the vulnerable WebDAV user management feature until patching is possible.

# Edit ISPConfig configuration to disable WebDAV user management
# Consult ISPConfig documentation for specific configuration changes

Restrict user permissions

Remove 'Add new Webdav user' permissions from all non-administrative accounts.

# Use ISPConfig admin interface to modify user permissions
# Navigate to System > User Management and adjust permissions

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the ISPConfig administration interface
  • Enable detailed logging and monitoring for WebDAV user management activities

🔍 How to Verify

Check if Vulnerable:

Check ISPConfig version via admin interface or by examining installation files. Version 3.0.4.3 is vulnerable.

Check Version:

grep -rF 'ISPConfig 3.0.4.3' /usr/local/ispconfig/ || cat /usr/local/ispconfig/interface/lib/ispconfig_version.php

Verify Fix Applied:

Verify ISPConfig version is 3.0.4.4 or later and test WebDAV user management functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual chmod/chown commands executed via WebDAV interface
  • Multiple WebDAV user creation attempts from single account
  • File permission changes outside normal web directories

Network Indicators:

  • HTTP POST requests to WebDAV user management endpoints with command parameters

SIEM Query:

source="ispconfig.log" AND ("chmod" OR "chown") AND "webdav"
