Any websites that depend on this cross-signed root must be updated by May, 2020 or run the risk of outage or displayed error message. Clients running server cronjobs with tools such as curl, wget, internal servers tasks that depends on connecting to the website using a https connection will suffer downtime as a cause of this problem.

Clients looking for an immediate fix can purchase a 1x Hour of Support plan. Our emergency support is always available 24/7.

As for our Server Management customers, we’ve already taken actions to scan and replace outdated CA Root certificates in all your servers, so we’ve got your back!

Should you’ve any questions please don’t hesitate to email us or reach our LiveChat! Interface.

Thank you for choosing ServerBuddies!

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

Impact

• An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
• This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

The vulnerability affects all MySQL servers in the default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and can be exploited by both local and remote attackers. Both the authenticated access to MySQL databases (via network connection or web interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation vectors if a MySQL user has the SUPER privilege granted. Additionally, MySQL users with both SELECT and FILE privileges granted are also affected.

A successful exploitation could allow attackers to execute arbitrary code with root privileges which would then allow them to fully compromise the server on which an affected version of MySQL or MariaDB is running.

Are you running a vulnerable version?

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!

A flaw in versions older than 2.3.7 could leave sites vulnerable to a cross-site scripting attack that would
allow malicious third-parties to take control.

When the feature blocks a malicious bot, it displays the HTTP request sent by the bot in the WordPress site’s dashboard. Because the request is not sanitized, a maliciously crafted request could include code, which, when the dashboard is loaded by an administrator, would send sensitive data, including authentication cookies, to the attacker.

Mitigating the risk of the attack is mandatory in order to prevent code injections.

Customers using this plugin are advised to contact us for steps on how to solve this issue.

If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Currently, all versions of glibc shipped with all variants of Red Hat Enterprise Linux and CentOS are affected, patching/upgrading the OS is highly recommended to avoid server compromise.

ServerBuddies support is available 24×7 to assist you in case you need the patch applied or to check if your server is vulnerable or any other assistance.

In order to have this vulnerability immediately checked and patched by us please submit a 1x Hour of Support plan, customers under our Server Management plan are already patched.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

In other words, the vulnerability allows an attacker to add padding to a request in order to then calculate the plaintext of encryption using the SSLv3 protocol. Effectively, this allows an attacker to compromise the encryption when using the SSLv3 protocol.

The risk from this vulnerability is that an attacker can exchange over an encrypted connection using that protocol and be intercepted and read.

As NO patch has been released yet by REDHAT current it is highly recommended to use only TLSv1.1 and TLSv1.2. Backwards compatibility can be done using TLSv1.0. It is NOT recommended to use SSLv2 and SSLv3 as they are considered insecure.

SSLv3 for all our Server Management and Monitoring customers have been all disabled.

If you are not a Server Management customer and would like to have this vulnerability patched/disabled please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

This vulnerability allows arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

To better understand the magnitude of this issue and how it affects various configurations, the below list is not exhaustive, but is meant to give some examples of how this issue affects certain configurations, and why the high level of complexity makes it impossible to specify something is not affected by this issue. The best course of action is to upgrade Bash to a fixed version.

Customers having their servers under our Server Management and Monitoring subscription have been all patched.

If you are not a Server Management customer and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

Unlike Heartbleed, which had been introduced into the program not long before, affects all versions of OpenSSL, including those that were patched to fix Heartbleed.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.

All client versions of OpenSSL are vulnerable. The bug was reported to OpenSSL on May 1 via JPCERT/CC.

OpenSSL provides this advice:

• OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
• OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m
• OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h

Non-OpenSSL clients (IE, Firefox, Chrome on Desktop and iOS, Safari etc) aren’t affected. None the less, all OpenSSL users should be updating.

If you would like to have this vulerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers so an upgrade is mandatory.

This issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux / CentOS 6 prior to version kernel-2.6.32-358.6.2.el6

If you would like to have this vulerability patched or ensure your server is not affected, please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

According to the freshly released security bulletin by The OpenSSL Project, a missing bounds check in the handling of the TLS Heartbeat Extension can be used to reveal up to 64k of memory to a connected client or server.

In practice, this allows the stealing of protected information by the SSL/TLS encryption used.

SSL/TLS protocols provide communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). Attackers can steal secret keys, user names and passwords, instant messages, emails and business’ critical documents and communication – all of this without leaving a trace.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

As of today, a number of Nix*-like operating systems are affected, since they are packaged with vulnerable OpenSSL:

• Debian Wheezy (Stable), OpenSSL 1.0.1e-2+deb7u4)
• Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11)
• CentOS 6.5, OpenSSL 1.0.1e-15)
• Fedora 18, OpenSSL 1.0.1e-4
• OpenBSD 5.3 (OpenSSL 1.0.1c) ? 5.4 (OpenSSL 1.0.1c)
• FreeBSD 8.4 (OpenSSL 1.0.1e) ? 9.1 (OpenSSL 1.0.1c)
• NetBSD 5.0.2 (OpenSSL 1.0.1e)
• OpenSUSE 12.2 (OpenSSL 1.0.1c)

Packages with older OpenSSL versions – Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14, SUSE Linux Enterprise Server – are free of this flaw.

What versions of the OpenSSL are affected?

Status of different versions:

• OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
• OpenSSL 1.0.1g is NOT vulnerable
• OpenSSL 1.0.0 branch is NOT vulnerable
• OpenSSL 0.9.8 branch is NOT vulnerable

If you would like to have this vulerability patched please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.