OVH Community, your new community space.

Vulneabilidad en SolusVM


oceano
16/06/2013, 17:33
Hola jack2,

Muchas gracias por la info

********************
In the last few hours a security exploit has been found. This email is to inform you of a temporary fix to eliminate this exploit whilst the issue is patched and transferred to our file servers for release.

Instructions:

You will need root SSH access to your master server. You are then required to delete the following file:

/usr/local/solusvm/www/centralbackup.php

*******************
o lo que es lo mismo,

rm -rf /usr/local/solusvm/www/centralbackup.php


Fuente oficial:
http://blog.soluslabs.com/2013/06/16...usvm-versions/

* para comprobar si tus máquinas están afectadas
# cd /usr/local/solusvm/www/
# grep -i -r -n "list($db_name, $db_user" *


Un saludo !

jack2
16/06/2013, 16:53
Grave vulnerabilidad en SolusVM ... por el momento para mitigarla eliminar el archivo centralbackup.php

Detalles de la vulnerabilidad

http://localhost.re/p/solusvm-11303-vulnerabilities


WOW .. por esta vulnerabilidad comprometieron a RanNode
-------------------------------------------------------------------
"Yes. ~5000 VM logins compromised, ~55 host nodes IP, SSH port, ID key password, and their entire client database leaked."
-------------------------------------------------------------------

Monitoreo de RanNode ofrecido por Pingdom ... Jun 16 ... todo caído

http://status.ramnode.com/