Qualys reported on 23rd July an important root privilege escalation vulnerability (CVE-2015-3246), and DoS attack vulnerability (CVE-2015-3245) for Linux servers using RedHat’s libuser package. Here’s how you can protect your cPanel, Plesk and DirectAdmin servers running CentOS or RedHat operating systems.

What is this vulnerability?

userhelper utility and libuser library in RedHat code repository were found to have vulnerabilities which allows a local user to initiate a DoS attack or escalate the user privilege to root. A proof of concept was released by Qualys, and cPanel, Plesk and DirectAdmin server administrators running RedHat based RPMs are advised to secure their systems ASAP to prevent an exploit.

How to fix it?

RedHat has already released a patch for the libuser package, but CentOS is yet to release an update (as of 14:00 hrs GMT 24th Jul).

Fix in RedHat 6.x and 7.x servers

Update the libuser package using the command below:

# yum update

or to update only libuser package,

# yum update libuser

Fix in in CentOS servers

As an update is not yet available, you can secure your server by using the steps below:

Edit the files /etc/pam.d/chfn and /etc/pam.d/chsh

Add pam_warn and pam_deny rules as shown below after the line auth sufficient pam_rootok.so:

auth required pam_warn.so
auth required pam_deny.so

We’ll update this article as an when RPM patches are available for CentOS. If you’d like us to check your server for vulnerability and fix this for you, click below to contact us:

FIX MY SERVER

Bobcares helps you keep your servers secure through periodic security hardening and by mitigating zero day vulnerabilities.

SEE HOW BOBCARES KEEP YOUR SERVERS SECURE