A potential high security vulnerability was found in the glibc library, which has been assigned CVE-2015-0235 and is commonly referred to as ‘GHOST’.

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Currently, all versions of glibc shipped with all variants of Red Hat Enterprise Linux and CentOS are affected, patching/upgrading the OS is highly recommended to avoid server compromise.

ServerBuddies support is available 24×7 to assist you in case you need the patch applied or to check if your server is vulnerable or any other assistance.

In order to have this vulnerability immediately checked and patched by us please submit a 1x Hour of Support plan, customers under our Server Management plan are already patched.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

A flaw named POODLE was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

In other words, the vulnerability allows an attacker to add padding to a request in order to then calculate the plaintext of encryption using the SSLv3 protocol. Effectively, this allows an attacker to compromise the encryption when using the SSLv3 protocol.

The risk from this vulnerability is that an attacker can exchange over an encrypted connection using that protocol and be intercepted and read.

As NO patch has been released yet by REDHAT current it is highly recommended to use only TLSv1.1 and TLSv1.2. Backwards compatibility can be done using TLSv1.0. It is NOT recommended to use SSLv2 and SSLv3 as they are considered insecure.

SSLv3 for all our Server Management and Monitoring customers have been all disabled.

If you are not a Server Management customer and would like to have this vulnerability patched/disabled please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with RedHat/CentOS/Debian and other products.

This vulnerability allows arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

To better understand the magnitude of this issue and how it affects various configurations, the below list is not exhaustive, but is meant to give some examples of how this issue affects certain configurations, and why the high level of complexity makes it impossible to specify something is not affected by this issue. The best course of action is to upgrade Bash to a fixed version.

Package Description
httpd CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected.
Secure Shell (SSH) It is not uncommon to restrict remote commands that a user can run via SSH, such as rsync or git. In these instances, this issue can be used to execute any command, not just the restricted command.
dhclient The Dynamic Host Configuration Protocol Client (dhclient) is used to automatically obtain network configuration information via DHCP. This client uses various environment variables and runs Bash to configure the network interface. Connecting to a malicious DHCP server could allow an attacker to run arbitrary code on the client machine.
CUPS It is believed that CUPS is affected by this issue. Various user supplied values are stored in environment variables when cups filters are executed.
sudo Commands run via sudo are not affected by this issue. Sudo specifically looks for environment variables that are also functions. It could still be possible for the running command to set an environment variable that could cause a Bash child process to execute arbitrary code.
Firefox We do not believe Firefox can be forced to set an environment variable in a manner that would allow Bash to run arbitrary commands. It is still advisable to upgrade Bash as it is common to install various plug-ins and extensions that could allow this behavior.
Postfix The Postfix server will replace various characters with a ?. While the Postfix server does call Bash in a variety of ways, we do not believe an arbitrary environment variable can be set by the server. It is however possible that a filter could set environment variables.

Customers having their servers under our Server Management and Monitoring subscription have been all patched.

If you are not a Server Management customer and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Still cleaning up after the Heartbleed debacle, OpenSSL is issuing fixes for several vulnerabilities, one of them exploitable to run arbitrary code on the client or server.

Unlike Heartbleed, which had been introduced into the program not long before, affects all versions of OpenSSL, including those that were patched to fix Heartbleed.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.

All client versions of OpenSSL are vulnerable. The bug was reported to OpenSSL on May 1 via JPCERT/CC.

OpenSSL provides this advice:

  • OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
  • OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m
  • OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h

Non-OpenSSL clients (IE, Firefox, Chrome on Desktop and iOS, Safari etc) aren’t affected. None the less, all OpenSSL users should be updating.

If you would like to have this vulerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

The new memory-corruption vulnerability, allows unprivileged users to crash or execute malicious code on vulnerable systems and gain root privileges. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device.

While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers so an upgrade is mandatory.

This issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux / CentOS 6 prior to version kernel-2.6.32-358.6.2.el6

If you would like to have this vulerability patched or ensure your server is not affected, please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Next »