Security News > 2021 > November > Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers.
Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.
According to researchers at Cisco Talos, the bug specifically exists in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code.
0 vulnerability-severity scale, can lead to a deserialization condition with controllable data, that would allow an attacker to then execute arbitrary code.
It added, "To be more preciseinside the Deobfuscator class, ai-bolit-hoster.php keeps a list of signatures representing code patterns generated by common obfuscatorsWhen a certain signature is inside a scanned file, the proper de-obfuscation handler is executed, which tries to pull out essential data from the obfuscated code."
For one, if Immunify360 is configured with real-time file system scanning, the attacker need only to create a malicious file in the system, they noted.
News URL
https://threatpost.com/linux-web-servers-imunify360-bug/176508/
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- 'Alarming' security bugs lay low in Linux's needrestart server utility for 10 years (source)