Apache web server bug grants root access on shared hosting environments

This week, the Apache Software Foundation patched a severe vulnerability in the Apache (httpd) web server project that could, under certain circumstances, allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (including CGI scripts) can execute malicious code with the parent process's privileges. Because Apache HTTPd runs under the root user on most Unix systems, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache HTTPd process, and inherently control the entire machine.
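The version range above can be turned into a quick inventory triage. The following is an added example, not code from the article or from the Apache project: it classifies version banners (as printed by `httpd -v` / `apache2 -v` or sent in a `Server` header) against the 2.4.17 to 2.4.38 range. The hostnames and banners are constructed, and because distributions often backport fixes without changing the upstream version number, an "affected" result should be confirmed against the vendor's advisory.

```python
import re

# Affected range as stated in the article: 2.4.17 through 2.4.38, fixed in 2.4.39.
FIRST_AFFECTED = (2, 4, 17)
LAST_AFFECTED = (2, 4, 38)

# Matches e.g. "Apache/2.4.29 (Ubuntu)" in `httpd -v` output or a Server header.
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s*\(([^)]*)\))?")


def classify(banner):
    """Return 'affected', 'not-affected', 'windows-build' or 'unknown'."""
    m = BANNER_RE.search(banner)
    if not m:
        # Version hidden (e.g. ServerTokens Prod) or not an Apache banner.
        return "unknown"
    version = tuple(int(x) for x in m.group(1, 2, 3))
    platform = (m.group(4) or "").lower()
    if platform.startswith("win"):
        # The article states that only releases for Unix systems are affected.
        return "windows-build"
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "not-affected"


def triage(inventory):
    """Classify a {host: banner} mapping; affected hosts are listed first."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    ordered = sorted(results.items(), key=lambda kv: (kv[1] != "affected", kv[0]))
    return dict(ordered)


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "web02": "Server version: Apache/2.4.39 (Debian)",
    "web01": "Server version: Apache/2.4.29 (Ubuntu)",
    "win01": "Server: Apache/2.4.38 (Win64) OpenSSL/1.1.1",
    "edge01": "Server: Apache",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" hide their version and need a local check on the machine itself.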



The vulnerability won't pose an immediate and palpable threat to developers and companies running their own server infrastructure. Still, the issue is a critical vulnerability inside shared web-hosting environments. "First of all, it is a LOCAL vulnerability; this means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability, told ZDNet in an interview yesterday. This means attackers must either register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server, and then plant malware or steal data from other customers who have data stored on the same machine. "The web hoster generally has access to the server through the 'root' account. Suppose one of the customers successfully exploits the vulnerability I reported. In that case, they can get complete access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other customers."


But Fol also told ZDNet that CVE-2019-0211, just by its presence, automatically augments any other server security issues, even for Apache web servers that are not part of shared-hosting environments. "For attackers or pen-testers, after [they] compromise an Apache HTTP server, [they] commonly get an account with low privileges (generally, www-data)," Fol said. But any directory traversal or remote code execution flaw that lets an attacker upload a CGI script now also means automatic root access as a result of CVE-2019-0211, according to Fol. For this reason, patching this flaw is a must, first and foremost for shared hosting providers, and then also for companies running Apache on private, non-shared servers, which face a lower risk of attack.
