Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.
- An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
- This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.
It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.
Are you running a vulnerable version?
If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.
Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!
There is a new SSHD rookit rolling around since few days ago, it looks it’s affecting mostly RHEL/CentOS servers.
Servers with cPanel, Plesk, VirtualMin and DirectAdmin are affected well.
According to a Security Audition in one of the hacked servers we found the Rootkit deposits files in /lib64 and /lib, main file name is libkeyutils.so.1.9.
It changes symlinks of /lib64/libkeyutils.so.1 to point to the mentioned lib.
We believe this lib is capable of stealing passwords, SSH keys and /etc/shadow files from the server. It’s also used as a backdoor to
gain access to the server through a different port, the rootkit will also modify all the authentication mechanisms of the server preventing any login or command history to be logged through this backdoor.
The intruder has full root access which means there is a exploit among with this rootkit capable of root privilege escalation.
You can see if your server is infected by running the following script:
# wget -qq -O - http://www.serverbuddies.com/files/libkeyutilscheck.sh | sh
We highly encourage our customers to submit a 1x Hour of Support if you see the script is showing your server as compromised.
Don’t hesitate to contact our Support Team for any inquiry you may have!
A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.
This vulnerability has been rated as Critical by the cPanel Security team.
A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.
The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671.
The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:
These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.
Contact us at email@example.com for patching your Exim server with the latest security patches and run a Full Security Audit on your server.
cPanel & WHM Version 11.34 Released to Current Tier
cPanel Inc. announced today the release of version 11.34 of cPanel & WHM software to the CURRENT tier with many improvements and upgrade. cPanel CEO, J. Nick Koston, outlined new features that include:
- A brand new User Interface for WHM, which brings a slick new look and easier functionality, as demonstrated at the recent cPanel Conference.
- Web Disk support has been updated for Windows Vista, 7 & 8, and Mountain Lion. In addition to the Web Disk support update, we will soon be releasing Android and iOS clients.
- Email client auto configuration utilities have been updated to support the latest mail clients, as well as added support for Mountain Lion.
- Email Archiving makes its appearance in 11.34, so email users now have the option to more efficiently track, store, and access email with our vastly improved email tracking, and message retrieval, to the Mail Delivery Reports functionality we recently delivered.
- In addition, we overhauled the service monitoring system to provide better notifications, and improved the robustness of the automatic repair feature.
- New Hooks Management interface built into WHM.
- Feature Showcase page of WHM will alert you at login to any recent changes made by upgrading cPanel & WHM.
Upon updating or installing cPanel & WHM version 11.34 you will no longer be able to downgrade to a previous version.
To update cPanel & WHM manually:
Log into WHM as the root user.
Click on the WHM 11.32.X (build X) link on the top right corner of the screen.
Click the button labeled Click to Upgrade.
Reference: For details regarding version 11.34 User Guide, Release Notes, Change Log and FAQ’s, please visit http://docs.cpanel.net.
How to resolve Suexec problems with cgi scripts
Run the following script:
This reads /usr/local/apache/logs/suexec_log and looks for errors and tries to fix them.