Bobcares

Security fix for libuser root privilege vulnerability


On 23rd July, Qualys reported an important root privilege escalation vulnerability (CVE-2015-3246) and a DoS vulnerability (CVE-2015-3245) affecting Linux servers that use RedHat’s libuser package. Here’s how you can protect your cPanel, Plesk and DirectAdmin servers running CentOS or RedHat operating systems.

What is this vulnerability?

The userhelper utility and the libuser library in the RedHat code repository were found to have vulnerabilities that allow a local user to initiate a DoS attack or escalate their privileges to root. Qualys has released a proof of concept, and cPanel, Plesk and DirectAdmin server administrators running RedHat-based RPMs are advised to secure their systems ASAP to prevent an exploit.

How to fix it?

RedHat has already released a patch for the libuser package, but CentOS is yet to release an update (as of 14:00 hrs GMT 24th Jul).

Fix in RedHat 6.x and 7.x servers

Update the libuser package using the command below:

# yum update

or, to update only the libuser package:

# yum update libuser

Fix in CentOS servers

As an update is not yet available, you can secure your server by using the steps below:

Edit the files /etc/pam.d/chfn and /etc/pam.d/chsh

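Add the pam_warn and pam_deny rules shown below immediately after the line auth sufficient pam_rootok.so. Root still passes on pam_rootok; for every other user the attempt is logged by pam_warn and refused by pam_deny.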

auth required pam_warn.so
auth required pam_deny.so
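
The CentOS workaround above as a script, added here as an example (it is not part of the original article or of any vendor tooling): it inserts the two rules after the pam_rootok line, can be run twice without duplicating them, and checks the result. The function names, the .bak backup and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: apply and verify the chfn/chsh PAM workaround.

# True if FILE has pam_warn then pam_deny directly after the pam_rootok line.
has_mitigation() {
    awk '
        $1 == "auth" && $2 == "sufficient" && $3 == "pam_rootok.so" { state = 1; next }
        state == 1 && $1 == "auth" && $2 == "required" && $3 == "pam_warn.so" { state = 2; next }
        state == 2 && $1 == "auth" && $2 == "required" && $3 == "pam_deny.so" { ok = 1; exit }
        { state = 0 }
        END { exit !ok }
    ' "$1"
}

# Insert both rules after the first pam_rootok line. Idempotent; saves FILE.bak.
# Returns 2 and leaves FILE alone when there is no pam_rootok line to anchor on.
apply_mitigation() {
    f=$1
    awk '$1 == "auth" && $2 == "sufficient" && $3 == "pam_rootok.so" { hit = 1 } END { exit !hit }' "$f" ||
        { echo "$f: no pam_rootok line, left unchanged" >&2; return 2; }
    has_mitigation "$f" && return 0
    tmp=$(mktemp) || return 1
    awk '
        { print }
        !added && $1 == "auth" && $2 == "sufficient" && $3 == "pam_rootok.so" {
            print "auth       required     pam_warn.so"
            print "auth       required     pam_deny.so"
            added = 1
        }
    ' "$f" > "$tmp" && cp -p "$f" "$f.bak" && cat "$tmp" > "$f"  # cat keeps FILE's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Dry run on a constructed sample (not a real system file): apply twice, print result.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' 'auth       sufficient   pam_rootok.so' \
        'auth       include      system-auth' 'account    include      system-auth' > "$d/chfn"
    apply_mitigation "$d/chfn" && apply_mitigation "$d/chfn" && cat "$d/chfn"
    rc=$?; rm -rf "$d"; return $rc
}

# With arguments (e.g. /etc/pam.d/chfn /etc/pam.d/chsh, as root) edit those files; else demo.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do apply_mitigation "$p" || exit 1; done
else
    demo
fi
```

Run without arguments it only exercises the constructed sample in a temporary directory.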

We’ll update this article as and when RPM patches are available for CentOS.
