Thursday, January 27, 2022

These critical security bugs put Linux servers at risk of attack

Researchers have discovered that Control Web Panel (CWP), a popular web hosting management software, carried with it two flaws which, when chained together, lead to a remote code execution (RCE) vulnerability on certain Linux-powered servers.

A report from Octagon Networks researcher Paulos Yibelo details two vulnerabilities in CWP - CVE-2021-45467, and CVE-2021-45466. CWP supports CentOS, rocky Linux, Alma Linux, and Oracle Linux.

The blog post gets very technical on the vulnerabilities, but long story short - some parts of CWP panel are exposed, without authentication in the webroot. 

Exposed

“Turns out, not a lot is exposed,” the blog post concludes. 

Yibelo said the team will release a full Proof-of-Concept for red teams, that achieves preauth RCE, once enough servers migrate to the latest versions and thus mitigate the threat. 

It's been a tough week for Linux fans, after researchers from Qualys also recently identified a decade-old “extremely severe” vulnerability affecting every major distro for the operating system (OS).

Mitigating high severity threats

The vulnerability, “hiding in plain sight” for more than 12 years, is a memory corruption in polkit’s pkexec. 

As explained by the researchers, it’s an SUID-root program, installed by default. Malicious actors could exploit the bug to gain full root privileges on the target machine, and then do as they please - even install malware or ransomware

Also recently, a high severity vulnerability was found in Ubuntu, allowing malicious actors to crash the system, or run software in administrator mode. 

The vulnerability, tracked as CVE-2022-0185, allegedly affects all of the Ubuntu releases that are still being supported. That includes Ubuntu 21.10 Impish Indri with Linux kernel 5.13, Ubuntu 21.04 Hirsute Hippo with Linux kernel 5.11, Ubuntu 20.04 LTS Focal Fossa, and Ubuntu 18.04 LTS Bionic Beaver, both with Linux kernel 5.4 LTS.

As usual, admins are urged to update their systems to the latest version as soon as possible.

Via: ThreatPost



from TechRadar - All the latest technology news https://ift.tt/3INs4k5

No comments:

Post a Comment

AMD's fastest CPU gets surprising 33% price cut in time for Black Friday and just one month after it launched; is there something else happening?

AMD's 192-core EPYC 9965 CPU now a third cheaper than at launch 5th-gen Turin chip has seen stellar reviews from the tech press Hal...