Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

Impact

  • An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
  • This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

On 12 September, 2016, an independent researcher revealed multiple MySQL vulnerabilities. This advisory focuses on a vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf) under certain configurations, leading to critical consequences.

The vulnerability affects all MySQL servers in the default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and can be exploited by both local and remote attackers. Both the authenticated access to MySQL databases (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors if a MySQL user has the SUPER privilege granted. Additionally, MySQL users with both SELECT and FILE privileges granted are also affected.

A successful exploitation could allow attackers to execute arbitrary code with root privileges which would then allow them to fully compromise the server on which an affected version of MySQL or MariaDB is running.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

A new vulnerability in the All in One SEO Pack WordPress plugin has been discovered. Users of the popular All In One SEO Pack plugin are advised to update to the most recent version as soon as possible.

A flaw in versions older than 2.3.7 could leave sites vulnerable to a cross-site scripting attack that would
allow malicious third-parties to take control.

When the feature blocks a malicious bot, it displays the HTTP request sent by the bot in the WordPress site’s dashboard. Because the request is not sanitized, a maliciously crafted request could include code, which, when the dashboard is loaded by an administrator, would send sensitive data, including authentication cookies, to the attacker.

Mitigating the risk of the attack is mandatory in order to prevent code injections.

Customers using this plugin are advised to contact us for steps on how to solve this issue.

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

A potential high security vulnerability was found in the glibc library, which has been assigned CVE-2015-0235 and is commonly referred to as ‘GHOST’.

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Currently, all versions of glibc shipped with all variants of Red Hat Enterprise Linux and CentOS are affected, patching/upgrading the OS is highly recommended to avoid server compromise.

ServerBuddies support is available 24×7 to assist you in case you need the patch applied or to check if your server is vulnerable or any other assistance.

In order to have this vulnerability immediately checked and patched by us please submit a 1x Hour of Support plan, customers under our Server Management plan are already patched.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

A flaw named POODLE was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

In other words, the vulnerability allows an attacker to add padding to a request in order to then calculate the plaintext of encryption using the SSLv3 protocol. Effectively, this allows an attacker to compromise the encryption when using the SSLv3 protocol.

The risk from this vulnerability is that an attacker can exchange over an encrypted connection using that protocol and be intercepted and read.

As NO patch has been released yet by REDHAT current it is highly recommended to use only TLSv1.1 and TLSv1.2. Backwards compatibility can be done using TLSv1.0. It is NOT recommended to use SSLv2 and SSLv3 as they are considered insecure.

SSLv3 for all our Server Management and Monitoring customers have been all disabled.

If you are not a Server Management customer and would like to have this vulnerability patched/disabled please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Next »