RCE Attacks Identified On Linux Server

Linux Server Faced RCE Attacks Due to Severe Bugs in CentOS

News February 1st 2022

Extensive research recently uncovered two severe security flaws (CVE-2021-45467) in the CentOS Web Panel. They were chained together in an attack against the affected host to achieve pre-authenticated remote code execution (RCE).

CentOS Web Panel, now known as Control Web Panel (CWP), is a free and open-source Linux control panel used to configure hosting settings.


Tracking Bugs (CVE-2021-45467)

Tracking the bugs (CVE-2021-45467) showed that the issue was a file inclusion vulnerability. This class of issue occurs when a web application is tricked into exposing or executing arbitrary files on the web server.

Paulos Yibelo of Octagon Networks identified these issues and stated that the problem arises when two authenticated PHP pages, “/user/login.php” and “/user/index.php”, fail to fully validate the path to a script file.

This means an attacker only has to alter the argument of the include statement. That’s it. Because the include path is not properly validated, the contents of one PHP file can be pulled into another, and ultimately malicious code can be injected from a remote resource. This is how they gain code execution.


Preventive Measures

The program already had protections that flagged any attempt to traverse to a parent directory (denoted by “..”) as a hacking attempt. Surprisingly, though, this did not stop the PHP interpreter from accepting a specially crafted string (“.$00.”), which slipped past the application’s check and into the included path.

This enabled an arbitrary file write (CVE-2021-45467) and let attackers gain full remote code execution on the server.
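To make the distinction concrete, here is an added example in PHP, written for this page and not taken from CWP or from the original article: a weak include-path check that only rejects the literal “..” substring, beside a hardened check that resolves the requested file with realpath() and requires the result to sit inside the permitted directory, plus an allowlist variant that removes path handling from the decision altogether. The function names, the temporary demo directory and the allowlisted script names are all hypothetical.

```php
<?php
// Added example, not CWP's code. Function names, demo directory and
// allowlist entries are hypothetical.

// Weak check: rejects only the literal ".." substring and otherwise hands the
// user-supplied path to include() unchanged. It is a blacklist, and blacklists
// on attacker-controlled paths are fragile (e.g. embedded NUL bytes are not
// caught here).
function weak_include_check(string $scriptsDir, string $userPath): ?string
{
    if (strpos($userPath, '..') !== false) {
        return null; // flagged as a "hacking attempt"
    }
    return $scriptsDir . '/' . $userPath;
}

// Hardened check: canonicalise the requested file and require that it lives
// strictly inside $scriptsDir and has the expected extension. realpath()
// collapses "." and ".." segments and follows symlinks, so the containment
// test is made on the path PHP would actually open. NUL bytes are rejected
// before realpath() because PHP 8 throws a ValueError on them.
function safe_include_path(string $scriptsDir, string $userPath): ?string
{
    $base = realpath($scriptsDir);
    if ($base === false) {
        return null;
    }
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($resolved === false) {
        return null; // file does not exist
    }
    // Must be under $base with a separator, so a sibling directory that merely
    // shares a name prefix (e.g. /srv/scripts-old) is also rejected.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    if (pathinfo($resolved, PATHINFO_EXTENSION) !== 'php') {
        return null;
    }
    return $resolved;
}

// Stricter still: map a short name onto a fixed allowlist of scripts, so no
// user-controlled characters ever reach the filesystem path.
function allowlisted_include(string $scriptsDir, string $name): ?string
{
    static $allowed = ['dashboard', 'settings', 'accounts']; // constructed list
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    return $scriptsDir . '/' . $name . '.php';
}

// Demo on constructed inputs in a throwaway directory.
$dir = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/dashboard.php', "<?php echo 'dashboard';\n");

$samples = ['dashboard.php', '../etc/passwd', "dashboard.php\0.txt", 'missing.php'];
foreach ($samples as $p) {
    printf("%-24s weak=%s safe=%s\n",
        addcslashes($p, "\0"),
        weak_include_check($dir, $p) === null ? 'REJECT' : 'accept',
        safe_include_path($dir, $p) === null ? 'REJECT' : 'accept');
}
printf("allowlist dashboard: %s\n", allowlisted_include($dir, 'dashboard') === null ? 'REJECT' : 'accept');
printf("allowlist ../x:      %s\n", allowlisted_include($dir, '../x') === null ? 'REJECT' : 'accept');

unlink($dir . '/dashboard.php');
rmdir($dir);
```

The weak check and the hardened check agree on the obvious “../etc/passwd” case; they diverge on inputs the blacklist never anticipated, which is the general lesson: validate the resolved path against an allowed location (or avoid dynamic include paths entirely) instead of searching for known-bad substrings.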

CWP has since resolved the issue and released fixes earlier this month.

