Information on CVE-2015-5154

Reading Time: < 1 minute

Overview

Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU’s IDE subsystem handles buffer access while processing certain ATAPI commands, exploitation can allow for the execution of arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

Summary

  • Made public on July 27, 2015
  • This flaw exploits QEMU, a generic and open source machine emulator.
  • Allows for an attacker to execute arbitrary code outside of their own virtual machine.

Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-5154”

Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Reading Time: < 1 minute
Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary
  • Made public on May 13, 2015
  • This flaw exploits QEMU, a generic and open source machine emulator.
  • Allows for an attacker to access other virtual machines outside of their own.
Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)”

CVE-2015-0235 Vulnerability Info for Red Hat and CentOS

Reading Time: < 1 minute

A vulnerability found in the glibc library, specifically a flaw affecting the gethostbyname() and gethostbyname2() function calls, that allows a remote attacker to potentially execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.

Liquid Web package repositories have been updated. Many servers (barring those with updates disabled) have received an update that patches this vulnerability, however, a reboot will still be required in those cases.

Continue reading “CVE-2015-0235 Vulnerability Info for Red Hat and CentOS”

CVE-2014-9322 Vulnerability Info for Red Hat and CentOS

Reading Time: < 1 minute

A vulnerability found in the Linux kernel, specifically a flaw in fault handling associated with the Stack Segment (SS), allows an unprivileged user to potentially gain privileges. CentOS 4, CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.
Continue reading “CVE-2014-9322 Vulnerability Info for Red Hat and CentOS”

CVE-2014-6271 and CVE-2014-7169 Info – Bash Vulnerabilities

Reading Time: 2 minutes

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

  • This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.
  • Allows for remote code execution, and many types of command-line based attacks.
  • A patch is available, and your server can be easily updated.
  • We have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.
  • Test the vulnerability of your server with the information below.

Continue reading “CVE-2014-6271 and CVE-2014-7169 Info – Bash Vulnerabilities”

Patch OpenSSL Against CCS Injections on Ubuntu

Reading Time: 2 minutes
What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

Continue reading “Patch OpenSSL Against CCS Injections on Ubuntu”

Patch OpenSSL on CentOS Againt CCS Injection

Reading Time: 2 minutes

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

Continue reading “Patch OpenSSL on CentOS Againt CCS Injection”

CVE-2014-0196 Vulnerability Info for CentOS and Ubuntu

Reading Time: < 1 minute

A vulnerability found in the Linux kernel, specifically a flaw with the pseudo tty (pty) device, allows an unprivileged user to cause a denial of service (system crash) or potentially gain administrator privileges. A small number of CentOS and Ubuntu versions are vulnerable, thus we want to highlight the following information:

Continue reading “CVE-2014-0196 Vulnerability Info for CentOS and Ubuntu”

Update and Patch OpenSSL for Heartbleed Vulnerability

Reading Time: 2 minutes
What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the Heartbleed Bug”?

The Heartbleed Bug is a severe vulnerability in OpenSSL, known formally as “TLS heartbeat read overrun (CVE-2014-0160)“. As of April 07, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

In short, the risks are many. In most circumstances, this flaw allows an attacker to read the memory of servers running vulnerable versions of OpenSSL. This would allow attackers to impersonate users and services, and provide a means for data theft. For example, the exposed memory could include sensitive information such as private keys. If private keys are leaked, then it is possible that SSL certificates are compromised, and in that case should definitely be reissued.

What do I do?
  • Update and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
  • Consider getting your SSL certificates reissued.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “TLS heartbeat read overrun (CVE-2014-0160)” vulnerability.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL for Heartbleed Vulnerability”