Archive for the 'Security' Category

On May 30, 2020 the commonly used Sectigo (Comodo) Root certificate, named the “AddTrust External CA” Root, will expire.

Any websites that depend on this cross-signed root must be updated by May, 2020 or run the risk of outage or displayed error message. Clients running server cronjobs with tools such as curl, wget, internal servers tasks that depends on connecting to the website using a https connection will suffer downtime as a cause of this problem.

Clients looking for an immediate fix can purchase a 1x Hour of Support plan. Our emergency support is always available 24/7.

As for our Server Management customers, we’ve already taken actions to scan and replace outdated CA Root certificates in all your servers, so we’ve got your back!

Should you’ve any questions please don’t hesitate to email us or reach our LiveChat! Interface.

Thank you for choosing ServerBuddies!

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

Impact

  • An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
  • This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

On 12 September, 2016, an independent researcher revealed multiple MySQL vulnerabilities. This advisory focuses on a vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf) under certain configurations, leading to critical consequences.

The vulnerability affects all MySQL servers in the default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and can be exploited by both local and remote attackers. Both the authenticated access to MySQL databases (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors if a MySQL user has the SUPER privilege granted. Additionally, MySQL users with both SELECT and FILE privileges granted are also affected.

A successful exploitation could allow attackers to execute arbitrary code with root privileges which would then allow them to fully compromise the server on which an affected version of MySQL or MariaDB is running.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

A new vulnerability in the All in One SEO Pack WordPress plugin has been discovered. Users of the popular All In One SEO Pack plugin are advised to update to the most recent version as soon as possible.

A flaw in versions older than 2.3.7 could leave sites vulnerable to a cross-site scripting attack that would
allow malicious third-parties to take control.

When the feature blocks a malicious bot, it displays the HTTP request sent by the bot in the WordPress site’s dashboard. Because the request is not sanitized, a maliciously crafted request could include code, which, when the dashboard is loaded by an administrator, would send sensitive data, including authentication cookies, to the attacker.

Mitigating the risk of the attack is mandatory in order to prevent code injections.

Customers using this plugin are advised to contact us for steps on how to solve this issue.

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

A potential high security vulnerability was found in the glibc library, which has been assigned CVE-2015-0235 and is commonly referred to as ‘GHOST’.

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Currently, all versions of glibc shipped with all variants of Red Hat Enterprise Linux and CentOS are affected, patching/upgrading the OS is highly recommended to avoid server compromise.

ServerBuddies support is available 24×7 to assist you in case you need the patch applied or to check if your server is vulnerable or any other assistance.

In order to have this vulnerability immediately checked and patched by us please submit a 1x Hour of Support plan, customers under our Server Management plan are already patched.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Next »