{"id":7424,"date":"2022-02-01T18:54:31","date_gmt":"2022-02-01T18:54:31","guid":{"rendered":"https:\/\/www.hostingseekers.com\/blog\/?p=7424"},"modified":"2025-03-06T11:05:20","modified_gmt":"2025-03-06T11:05:20","slug":"linux-server-faced-rce-attacks","status":"publish","type":"post","link":"https:\/\/www.hostingseekers.com\/blog\/linux-server-faced-rce-attacks\/","title":{"rendered":"Linux Server Faced RCE Attacks Due to Severe Bugs in CentOS"},"content":{"rendered":"

Extensive research recently found two severe security malfunctions (CVE-2021-45467) in the CentOS Web Panel<\/strong>. These were used as a vital part of an attack chain on the affected host, in order to gain the pre-authenticated Remote Code Execution (RCE).<\/p><\/blockquote>\n

CentOS Web Panel, which is now known as Control Web Panel, is a free and open-source Linux Control Panel that is used to set up the hosting settings.<\/p>\n

\n

Tracking Bugs (CVE-2021-45467)<\/h2>\n

After tracking the bugs (CVE-2021-45467), it is found that the issue was a case of file inclusion vulnerability. This issue occurs when the web application is tricked into exposing or running arbitrary files on the webserver.<\/p>\n

Paulos Yibelo of Octagon Networks identified these issues and then he stated that the problem usually occurs when two applications with authenticated PHP pages, like \u2013 \u201c\/user\/login.php\u201d and \u201c\/user\/index.php\u201d \u2013 fails to fully validate a path to a script file.<\/p>\n

This simply means, it becomes an easy job for attackers, as they only have to change the include statement. That\u2019s it. Malfunctioning in the include statement makes them easy to incorporate the content of one PHP file into another PHP file, which ultimately injects the malfunction code from a remote resource. This way, they easily gain code execution.<\/p>\n

\n

Preventive Measures<\/h3>\n

The program already had tight protections to signal any attempts conducted to switch to a parent directory (denoted by \u201c..\u201d) as a hacking attempt. But, surprisingly, it did not stop the PHP interpret from allowing a specially generated text ( .\u201d$00\u201d. )to enter the code by smoothly bypassing the application.<\/p>\n

It allowed arbitrary file write vulnerability (CVE-2021-45467) as well as allowed bad actors to acquire access to the complete remote code execution on the server.<\/p>\n

Now, CWP has resolved the issue and released the fixes earlier this month.<\/p>\n

\n

If you enjoyed reading this news, you are surely going to cherish these too \u2013<\/em><\/h4>\n