In last two years major security bugs have been found and patched which might had affected innumerous users and servers. On 28th October 2014, HD Moore, Chief Research Officer of Rapid7 shared about wget ftp symlink vulnerability in detail. This is the fourth vulnerability related to Linux server which has affected more users and servers which led to gain access not only to user’s files but have root access as well.
4 Wget FTP Symlink Arbitrary Filesystem Access vulnerability publicly disclosed in October 2014. This wget ftp symlink vulnerability allows an attacker to operate any vulnerable FTP server to create files; directories and symlinks on the victim’s file system. The attacker can even overwrite the contents including binary files, and can access to the entire file system with the privilege of the target running wget. This flaw can lead to remote code execution as well. It’s time to upgrade to wget version 1.16 or a package that has backported the CVE-2014-4877 patch.
3 Poodle vulnerability publicly disclosed in in September 2014. Poodle stands for “Padding Oracle on Downgraded Legacy Encryption” which is a MITM attack taking advantage of security software (browser in this case) fallback to SSLv3.0, if TLS is not enabled or supported like in IE6. Currently, all the browsers support TLS protocol and almost all companies are implementing TLS for any kind of secured data transmission over the browser. Very soon every servers and browsers will completely disable SSL 3.0
2 Shellshock vulnerability publicly disclosed in September 2014 and also known as bashdoor. This bug in bash led to execute malicious commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Popular example is env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
The time when it was announced, many machines got compromised within few hours. Botnets were used for DDos attack using shellshock vulnerability. It affected almost all servers which generally use bash commands like mail servers, cgi web servers, dhcp servers, openssh servers etc.
1 Heartbleed was publicly disclosed in April 2014 and it was one of the most dangerous vulnerability found in last few years. There was a bug in OpenSSL cryptography library, which was a widely used in the implementation of the Transport Layer Security (TLS) protocol.
It can be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. As per Wikipedia, the vulnerability is classified as a buffer over-read,a situation where software allows more data to be read than should be allowed. Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160
So, what’s OpenSSL version your server is running?
It seems Linux has many such vulnerable code but Linux developers doesn’t want to disclose it and take it seriously unless and until some known researchers make it public. Is it true? Can we hear what’s happening inside the Linux Dev group from them?
What could be the next vulnerability? Anything related to mail or its related protocols? Any guess?
Sources:
Image Source: http://securityaffairs.co/
