Security News > 2021 > November > Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers.
Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.
According to researchers at Cisco Talos, the bug specifically exists in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code.
0 vulnerability-severity scale, can lead to a deserialization condition with controllable data, that would allow an attacker to then execute arbitrary code.
It added, "To be more preciseinside the Deobfuscator class, ai-bolit-hoster.php keeps a list of signatures representing code patterns generated by common obfuscatorsWhen a certain signature is inside a scanned file, the proper de-obfuscation handler is executed, which tries to pull out essential data from the obfuscated code."
For one, if Immunify360 is configured with real-time file system scanning, the attacker need only to create a malicious file in the system, they noted.
News URL
https://threatpost.com/linux-web-servers-imunify360-bug/176508/
Related news
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- Russian security firm Dr.Web disconnects all servers after breach (source)
- CUPS flaws enable Linux remote code execution, but there’s a catch (source)