Linux Kernel memory use risk – CVE-2014-5332

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.

Weakness classification

  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Timeline

August 18, 2014 MITRE reserved CVE
February 6, 2015 NVD published advisory

Affected products

  • Linux Kernel 3.10


FREE Backup space & FREE setup fee – Limited time for new signups!


* Current specials:
– We’re offering FREE 20GB off-site backup space with all of our server management plans for a limited time, for new signups.
– We’re offering FREE SETUP and FREE 2nd month for transferring your server management services to us!

For more information, please contact us at [email protected]

GHOST: glibc vulnerability (CVE-2015-0235)

Background Information

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

A list of affected Linux distros

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Resolution

Update the glibc and nscd packages on your system using:

Fix for CentOS/RHEL/Fedora 5,6,7:

  • yum update glibc
  • Restart ALL running services or reboot the server as an alternative.

Fix for Ubuntu:

  • sudo apt-get clean
  • sudo apt-get update
  • sudo apt-get dist-upgrade
  • sudo reboot
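
If you restart services instead of rebooting, any process started before the update keeps the old glibc mapped in memory. The following is an added example, not part of the original post, that lists such processes by scanning each process's maps file for a deleted libc; the function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find processes that still
# map the old, now-deleted glibc after the package update.

# stale_libc_pids [PROCROOT]  -> prints "PID NAME" per affected process
stale_libc_pids() {
    procroot=${1:-/proc}
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A mapped file that was replaced on disk is shown with " (deleted)".
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Constructed sample: a fake /proc tree (PIDs, names and addresses made up).
demo_stale_libc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    echo httpd > "$root/101/comm"
    echo sshd > "$root/202/comm"
    # PID 101 started before the update and still maps the unlinked library.
    echo '7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 1234   /lib64/libc-2.12.so (deleted)' > "$root/101/maps"
    # PID 202 was restarted and maps the file currently on disk.
    echo '7f9b2e000000-7f9b2e18a000 r-xp 00000000 fd:00 5678   /lib64/libc-2.12.so' > "$root/202/maps"
    stale_libc_pids "$root"
    rm -rf "$root"
}

demo_stale_libc    # on a live host, run as root: stale_libc_pids /proc
```

Every process it reports must be restarted before the host is actually running the patched library.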

The POODLE Attack – SSL 3.0 Protocol Vulnerability (CVE-2014-3566)

Systems Affected

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

 

Solution

There is currently no fix for the vulnerability in SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.

 

** Updates available: RHEL/CentOS/RPM based OS:

yum -y update openssl

** You MUST disable SSLv3 in all used services (httpd, mail, etc.). The update just prevents the downgrading, but the protocol itself is still vulnerable.
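
To find services that still offer SSLv3, the configuration files can be audited directly. The following is an added example, not part of the original post, covering Apache mod_ssl (SSLProtocol) and nginx (ssl_protocols); the function names and sample files are constructed, and it assumes that "all" includes SSLv3, as it did in the mod_ssl builds current when POODLE was published.

```shell
#!/bin/sh
# Added example (not from the original page): flag TLS directives that
# still leave SSLv3 enabled in Apache (mod_ssl) or nginx configuration.
# Assumption: "all" is treated as including SSLv3, as in mod_ssl builds
# contemporary with POODLE. Missing directives (defaults) are not assessed.

# audit_sslv3 FILE...  -> prints "FILE:LINE: directive" for each weak line
audit_sslv3() {
    awk '{
        orig = $0
        sub(/#.*/, "")          # drop comments
        sub(/;[ \t]*$/, "")     # drop the nginx statement terminator
        key = tolower($1)
        if (key != "sslprotocol" && key != "ssl_protocols") next
        on = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") on = 1
            else if (t == "-all" || t == "-sslv3") on = 0
        }
        if (on) print FILENAME ":" FNR ": " orig
    }' "$@"
}

# Constructed sample configurations: a weak and a corrected line per server.
demo_audit_sslv3() {
    d=$(mktemp -d)
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' > "$d/weak-httpd.conf"
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' > "$d/fixed-httpd.conf"
    printf '%s\n' '    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' > "$d/weak-nginx.conf"
    printf '%s\n' '    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' > "$d/fixed-nginx.conf"
    (cd "$d" && audit_sslv3 weak-httpd.conf fixed-httpd.conf weak-nginx.conf fixed-nginx.conf)
    rm -rf "$d"
}

demo_audit_sslv3
```

Only the two weak sample files are reported. Mail and other daemons have their own protocol settings and need a separate check.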

Shon Harris – Rest In Peace

After a long and devastating illness, Shon passed away on October 8, 2014. Shon was the founder and CEO of Logical Security, an information consultant, a former engineer in the Air Force Information Warfare unit, an instructor and a best-selling author of many books.

A tremendous loss for the security industry. Our condolences to her friends and family.

Shellshock vulnerability (CVE-2014-6271, CVE-2014-7169)

This vulnerability (CVE-2014-6271) could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

You can also manually test your version of Bash by running the following command:

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If the output of the above command contains a line containing only the word vulnerable you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

Note that different Bash versions will also print different warnings while executing the above command. The Bash versions without any fix produce the following output:

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

The versions with only the original CVE-2014-6271 fix applied produce the following output:

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
bash: error importing function definition for `BASH_FUNC_x()'
test

The versions with additional fixes from RHSA-2014:1306, RHSA-2014:1311 and RHSA-2014:1312 produce the following output:

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

The difference in the output is caused by additional function processing changes explained in the “How does this impact systems” section below.

The fix for CVE-2014-7169 ensures that the system is protected from the file creation issue. To test if your version of Bash is vulnerable to CVE-2014-7169, run the following command:

$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:49:58 GMT 2014

If your system is vulnerable, the time and date information will be output on the screen and a file called /tmp/echo will be created.

If your system is not vulnerable, you will see output similar to:

$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory

If your system is vulnerable, you can fix these issues by updating to the most recent version of the Bash package by running the following command:

# yum update bash
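
When checking many hosts, it helps to reduce the output of the first test command to a single label. The following is an added example, not part of the original post, that maps the three outputs shown above to a patch state; the function names and labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): label the output of the
# page's Bash test command with one of the three patch states it lists.

# classify_shellshock  (reads the captured test output on stdin)
classify_shellshock() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo unpatched                 # code after the function body ran
    elif printf '%s\n' "$out" | grep -qF "definition for \`BASH_FUNC_x()'"; then
        echo original-fix-only         # CVE-2014-6271 fix, nothing later
    elif printf '%s\n' "$out" | grep -qF "definition for \`BASH_FUNC_x'"; then
        echo additional-fixes          # RHSA-2014:1306/1311/1312 level
    else
        echo no-known-marker           # none of the outputs shown on the page
    fi
}

# Run the page's test command against a shell binary (default: bash).
check_bash() {
    env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' \
        "${1:-bash}" -c "echo test" 2>&1 | classify_shellshock
}

check_bash
```

A result of no-known-marker means the output matched none of the three cases listed here and should be reviewed by hand.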

Partnership with CloudLinux

Attacker.NET is glad to inform you that we have entered into a partnership with CloudLinux Inc. This partnership opens a great opportunity for our server management customers to improve their hosting environments. We offer discounted CloudLinux licenses for our Reactive & Proactive Server management plans and FREE CloudLinux licenses for our Critical Server Management plans.

All CloudLinux features are aimed at increasing server stability and security.

CLOUDLINUX BENEFITS:
* Isolates users from each other to avoid the “bad neighbor effect”
* Prevents users from seeing configuration files and other private information
* Allows end user to select PHP versions 5.2, 5.3, 5.4, and 5.5
* Gives the power to monitor and control limits, such as CPU, IO, Memory, and others
* Helps to restrict and throttle MySQL database abusers
* Compatible with all major control panels
* Interchangeable with CentOS and RHEL.

How can I test or preview my website before switching DNS?

 

  1. Locate the HOSTS file on your computer. Typically it is in one of the following locations:
    • Windows NT/2000/XP/2003/Vista/7 – C:\windows\system32\drivers\etc\hosts
    • Windows 95/98/Me – C:\windows\hosts
  2. Open this file with a text editor such as Notepad or Wordpad.
    • Right-click on Notepad and select the option to Run as Administrator – otherwise you may not be able to open this file (in Windows 7, press and hold Ctrl+Shift while opening Notepad/Wordpad). Then, open the file. Consider performing a “Save As” so you have an original copy of the file that you can restore later. You will see two columns of information, the first containing IP addresses and the second containing host names. By default, a Windows hosts file should be similar to the following:

    • Filename: hosts

      127.0.0.1 localhost


      You can add additional lines to this file that will point requests for a particular domain to your new server’s IP address.

      Example:


      Filename: hosts

      127.0.0.1 localhost
      123.123.123.123 example.com

  3. Save your changes (be sure to save as a hosts file, not as a text file).
    Windows wants to save it as text (.txt), so you need to:

    1. Change “Save as type” to “All Files”, and then
    2. Click on hosts (the original file).
  4. Restart any currently open browsers.
  5. You may also want to flush your DNS cache. In Windows XP, go to Start, and then Run, then type “cmd” and hit Enter.
    Type the following: ipconfig /flushdns
  6. In your web browser you should see your site as it appears on your testing server when typing http://example.com/ but still be able to see the site on its current web server by visiting http://www.example.com/

How to Edit Your Hosts File on an Apple Macintosh Using Mac OSX

Let us assume for this example your testing server has an IP address 123.123.123.123 and you wish to visit that server when you type “http://example.com” into a web browser BUT still wish to see the site as the rest of the World Wide Web does when you enter “http://www.example.com” into your browser instead.

  1. Open Terminal, which is in Applications, then the Utilities folder. To do this, go to the Finder (Desktop) and from the main menu bar at the top of the screen choose “Go” and then “Utilities”. Find the Terminal application icon and double-click it.
  2. You may want to first make a backup copy of your existing hosts file:
    sudo cp /private/etc/hosts /private/etc/hosts-orig

    Enter your user password at the prompt. Then type the following command to edit your hosts file:

    sudo nano /private/etc/hosts

    Enter your user password at the prompt if asked.

  3. You will see a file with contents similar to the following:

    Filename: hosts

    ##

    # Host Database

    #

    # localhost is used to configure the loopback interface

    # when the system is booting. Do not change this entry.

    ##

    127.0.0.1 localhost

    255.255.255.255 broadcasthost

    ::1 localhost

    fe80::1%lo0 localhost

    Using the arrow keys on your keyboard, navigate around this file and add your domain and IP address to the bottom of the file. For example:


    Filename: hosts

    ##

    # Host Database

    #

    # localhost is used to configure the loopback interface

    # when the system is booting. Do not change this entry.

    ##

    127.0.0.1 localhost

    255.255.255.255 broadcasthost

    ::1 localhost

    fe80::1%lo0 localhost

    123.123.123.123 example.com


  4. When done editing the hosts file, press the keyboard combination Control+O to save the file.
    Then press Enter at the filename prompt to confirm the save operation. Finally, press the keyboard combination Control+X to exit the editor. You may also need to grant yourself sudo privileges if you got a permission error in Step 2. In your “Help” menu, search for “root” and select the instructions for “Enabling the root user.” Follow those instructions.
  5. Restart any currently open browsers. You may also want to flush your DNS cache.
    Type the following command into your Terminal window: dscacheutil -flushcache
  6. In your web browser you should see your site as it appears on your testing server when typing http://example.com/ but still be able to see the site on its current web server by visiting http://www.example.com/

Happy New year & Greeting offer!

We’re running a special offer for a limited time on our server management plans! Get the 2nd month for FREE! Just submit a sales ticket after placing your order and we will credit your account for the 2nd month! You pay your first month and you get your second free!

This offer is VALID for the following plans:

Reactive server management
Proactive server management
Critical server management
SolusVM Node management

We wish you a happy, successful, challenging and exciting new year. We are looking forward to doing some good business with you next year.

Kind Regards,

Attacker.NET

 

What is RAID?

What is RAID (Redundant Array of Independent Disks)?
RAID creates a single usable data disk, where several physical disks are combined into an array for better speed and/or fault tolerance. There are three key concepts in RAID: mirroring, the copying of data to more than one disk; striping, the splitting of data across more than one disk; and error correction, where redundant data is stored to allow problems to be detected and possibly fixed (known as fault tolerance). Although there are many different levels of RAID.

RAID 0 (Striped set without parity/Non-Redundant Array) Implements data striping, where file blocks are written across multiple drives in fragments, and requires a minimum of 2 disks. The advantage of RAID 0 is that the read/write speed is dramatically increased. The more disks in the array, the greater the bandwidth. The disadvantage of RAID 0 is that there is no fault tolerance; if a single drive fails it will destroy the array. RAID 0 also does not implement error checking, so any error is unrecoverable. A common solution to this is to have a drive outside of the array used as back-up storage in case of a hardware failure.

RAID 1 (Mirrored set without parity) Implements data mirroring. Data is duplicated on two or four drives through a hardware raid controller and provides some fault tolerance. The array is recoverable as long as at least 1 drive has not failed. It provides faster read performance than a single drive and provides drive redundancy in case of drive failure. There is also a very slight reduction to write speed.

RAID 5 (Striped set with dual distributed parity) Implements data striping at a block level, and distributes parity among the drives. The parity information allows recovery from the failure of any single drive because any following reads can be calculated from the distributed parity. Another advantage of RAID 5 is increased read/write speeds together with the most efficient use of disk space. RAID 5 requires a minimum of 3 disks.

RAID 10 (RAID 1 + 0) Creates multiple mirrors, where data is organized as stripes across multiple disks and then the striped disk sets are mirrored. RAID 10 offers the same fault tolerance as RAID 1 with increased read/write speeds over a single RAID 1 volume or single drive. RAID 10 requires 4 drives to implement.