Rsync remote attack-CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

 

Timeline

January 5, 2015 MITRE reserved CVE
February 12, 2015 NVD published advisory

Authority references

Vendor & other references

GHOST: glibc vulnerability (CVE-2015-0235)

Background Information

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

A list of affected Linux distros

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Resolution

Update the glibc and nscd packages on your system using:

Fix for Centos/RHEL/Fedora 5,6,7:

  •  yum update glibc
  • Restart ALL running services or reboot the server as an alternative.

Fix for Ubuntu:

  • sudo apt-get clean
  • sudo apt-get update
  • sudo reboot

Partnership with CloudLinux

Attacker.NET is glad to inform you that we have entered the partnership with CloudLinux Inc. This partnership opens a great opportunity for our server management customers to improve their hosting environments. We offer discounted CloudLinux licenses for our Reactive & Proactive Server management plans and FREE CloudLinux licenses for our Critical Server Management plans. 

All CloudLinux features are aimed at increasing server stability and security.

CLOUDLINUX BENEFITS:
* Isolates users from each other to avoid the “bad neighbor effect”
* Prevents users from seeing configuration files and other private information
* Allows end user to select PHP versions 5.2, 5.3, 5.4, and 5.5
* Gives the power to monitor and control limits, such as CPU, IO, Memory, and others
* Helps to restrict and throttle MySQL database abusers
* Compatible with all major control panels
* Interchangeable with CentOS and RHEL.

How to adjust the time zone of your webmail client (Roundcube, SquirrelMail, Horde)

SquirrelMail

To change time zones in SquirrelMail:

  1. Access SquirrelMail.
  2. Click Options link at the top of the page.
  3. Click the Personal Information link.
  4. Under Timezone Options, from the Your Current Timezone drop-down, select your preferred time zone.
  5. Click Submit.

Horde

To change time zones in Horde:

  1. Access Horde.
  2. Click the Options icon at the top of the page.
  3. Under Your Information, click the Locale and Time link.
  4. Under Your current time zone, select your preferred time zone from the drop-down menu.
  5. Click Save Options.

RoundCube

To change time zones in RoundCube:

  1. Access RoundCube.
  2. Click the Settings icon in the top-right corner of the page.
  3. Select Preferences tab.
  4. Under the Section column, select User Interface.
  5. Select your preferred time zone from the Time zone drop-down menu.
  6. Click Save.