OVH Community, your new community space.

Vulneabilidad en SolusVM

16/06/2013, 17:33
Hola jack2,

Muchas gracias por la info

In the last few hours a security exploit has been found. This email is to inform you of a temporary fix to eliminate this exploit whilst the issue is patched and transferred to our file servers for release.


You will need root SSH access to your master server. You are then required to delete the following file:


o lo que es lo mismo,

rm -rf /usr/local/solusvm/www/centralbackup.php

Fuente oficial:

* para comprobar si tus máquinas están afectadas
# cd /usr/local/solusvm/www/
# grep -i -r -n "list($db_name, $db_user" *

Un saludo !

16/06/2013, 16:53
Grave vulnerabilidad en SolusVM ... por el momento para mitigarla eliminar el archivo centralbackup.php

Detalles de la vulnerabilidad

WOW .. por esta vulnerabilidad comprometieron a RanNode
"Yes. ~5000 VM logins compromised, ~55 host nodes IP, SSH port, ID key password, and their entire client database leaked."

Monitoreo de RanNode ofrecido por Pingdom ... Jun 16 ... todo caído