vulnerability


How to fix Dirty Cow vulnerability in CentOS, RedHat, Ubuntu, Debian, CloudLinux and OpenSuse Linux servers

The Dirty COW vulnerability was first discovered a decade ago and has been present in Linux kernel versions from 2.6.22, which was released in 2007.

But the vulnerability gained attention only recently, when hackers started exploiting it. This led to the bug being published as CVE-2016-5195 on October 19th, 2016. (more…)

How to fix HTTPoxy vulnerability in cPanel, Plesk or other Linux / Windows servers

On 18th July, our security team was alerted to a series of vulnerabilities called HTTPoxy. It allows attackers to steal data from CGI-enabled web servers.

As of this writing, patches are available only for LiteSpeed, but we’ve identified ways to mitigate this vulnerability in Apache, Nginx, IIS and other web servers and proxies.

[ Update 21st July – cPanel released patches for Apache. ]

(more…)

Agile infrastructure security – How central configuration management was used to quickly patch GHOST glibc vulnerability in data centers

The GHOST vulnerability in glibc was disclosed on 27th Jan. As with any breaking news about vulnerabilities, the initial reports were muddled about the severity of impact, and the extent of exploits running in the wild.

Bobcares Dedicated Linux Systems Administrators deliver zero-day protection against breaking vulnerabilities through agile security reaction procedures. In this case, the announcement said attackers can exploit the gethostbyname() function provided by glibc, with a proof-of-concept hack done on an Exim server. So, the first order of business was to prevent any such hacks from taking place in servers under our care.
(more…)

GHOST hunting – Resolving glibc Remote Code Execution vulnerability (CVE-2015-0235) in CentOS, Red Hat, Ubuntu, Debian and SUSE Linux servers

Reports are coming in from our Dedicated Linux Systems Administrators about an evolving threat, disclosed earlier today.

A heap buffer overflow vulnerability in the GNU C Library (glibc) allows remote or local actors to execute arbitrary code with the privileges of the user running the function gethostbyname(). Qualys, who reported the bug, was able to remotely exploit it in an Exim mail server.

Linux servers with stable distributions marked as long-term support are likely to be affected by this bug (CVE-2015-0235). The distributions we have counted till now include:
(more…)

Shell shock rescue – Tracing a bandwidth spike to outbound DDoS through the infamous Bash vulnerability

This definitely is a problem with your monitoring system! I never used this bandwidth. I was on holiday!

The accounts department of the data center we managed referred this customer concern to us. His unmanaged dedicated server showed a bandwidth spike of 20 times the normal usage, which had resulted in bandwidth overage charges.

The monitoring system was showing perfect stats for all other servers, and it looked like something that had happened in the customer’s server.
(more…)

Protecting your Parallels Plesk server from SSLv3 POODLE vulnerability

UPDATE 17th Oct – Some browsers like Firefox and IE 6 are reporting issues when SSLv3 is disabled. Fortunately, an SSLv3 fix is available from OpenSSL, and major distros will soon be adding it to their repos. Disabling SSLv3 can soon be done in a phased manner. Check comments for more info.

On Oct 14th Google published details of an SSL 3.0 vulnerability, which allows an attacker to break into a secure session through a man-in-the-middle attack. Support for SSL 3.0 is available in all popular mail, FTP and web clients, which makes all your clients vulnerable to an exploit based on this bug. Since SSL 3.0 is an 18-year-old obsolete technology, we recommend that it be disabled in all Plesk servers.

The Pro-active Server Management service at Bobcares was notified of this vulnerability on the 14th, and all servers that we maintain were secured against it by disabling CBC ciphers.

Here is a quick script for you to check if your Plesk server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable. (more…)

Protecting your cPanel/WHM server from SSLv3 POODLE vulnerability

UPDATE 17th Oct – Some browsers like Firefox and IE 6 are reporting issues when SSLv3 is disabled. Fortunately, an SSLv3 fix is available from OpenSSL, and major distros will soon be adding it to their repos. Disabling SSLv3 can soon be done in a phased manner. Check comments for more info.

On Oct 14th Google published details of an SSL 3.0 vulnerability, which allows an attacker to break into a secure session through a man-in-the-middle attack.

Support for SSL 3.0 is available in all popular mail, FTP and web clients, which makes all your clients vulnerable to an exploit based on this bug. Since SSL 3.0 is an 18-year-old obsolete technology, we recommend that it be disabled in all cPanel servers.

The Pro-active Server Management service at Bobcares was notified of this vulnerability on the 14th, and all servers that we maintain were secured against it by disabling CBC ciphers.

Here is a quick script for you to check if your cPanel/WHM server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable. (more…)

Fix Bash vulnerability in CentOS, RedHat, CloudLinux, Ubuntu Servers

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

The highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for all popular Linux web hosting servers such as CentOS, RedHat, Fedora, CloudLinux, Ubuntu, Debian and OpenSuse.

 

If you have a Linux web hosting server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable to hacking. Linux web hosting servers typically have CGI modules enabled, and these could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)

Remote root vulnerability in Exim

On 8th December, Sergey Kononenko discovered a vulnerability in the Exim mail server that could allow hackers to gain control of the host server. Though initially thought to affect only packages for Debian, it appears to be present in all versions.

(more…)