
Linode Security Digest January 13 – 20, 2023


In this week’s digest, we will discuss the following:

  • Apache HTTP server vulnerabilities;
  • a Linux Kernel Netfilter Integer Overflow vulnerability; and
  • CentOS Web Panel 7 RCE

Apache HTTP Server Vulnerabilities

A carefully crafted request header can cause a memory read or write of a single zero byte in a heap memory location beyond the header value sent, which could crash the process. This issue affects Apache HTTP Server 2.4.54 and earlier, so upgrade to 2.4.55 to mitigate.

An inconsistent interpretation of HTTP requests (‘HTTP Request Smuggling’) in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server to which it forwards requests. This issue affects Apache HTTP Server 2.4.54 and prior versions, so upgrade to 2.4.55 to patch this vulnerability.

  • CVE-2022-37436: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting.

mod_proxy does not correctly process CRLF character sequences, which are end-of-line characters. Attackers can send a crafted HTTP packet containing a CRLF sequence, causing early truncation of the response headers and moving some headers into the response body. If the later headers have any security purpose, the client will not interpret them. This issue affects Apache HTTP Server 2.4.54 and prior versions, so upgrade to 2.4.55 to patch this vulnerability.

Linux Kernel Netfilter Integer Overflow Vulnerability

CVE-2023-0179 is a stack buffer overflow caused by an integer underflow in the nft_payload_copy_vlan function, which is invoked by nft_payload expressions whenever a VLAN tag is present in the current socket buffer. Red Hat gave this vulnerability a CVSS v3 score of 7.8. It affects machines on the newest distro versions such as Ubuntu Jammy, Debian Bullseye, and Rocky Linux 9, as well as machines running a 5.10 LTS kernel. This vulnerability does not affect Debian buster.

Mitigate this flaw by disabling unprivileged user namespaces, which prevents exploitation (note that sysctl takes the key and value without spaces around the equals sign):

sysctl -w kernel.unprivileged_userns_clone=0
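Disabling unprivileged user namespaces matters here because nf_tables is reachable only with CAP_NET_ADMIN, and an unprivileged user namespace is the usual way an ordinary local user obtains that capability in a namespace of their own. The following script is an added example (not Linode's code, and not part of the digest) that verifies the mitigation is actually in effect and persists it across reboots, since sysctl -w alone is lost at the next boot. It assumes the kernel.unprivileged_userns_clone knob, which exists on Debian- and Ubuntu-patched kernels; upstream kernels expose user.max_user_namespaces instead, where 0 disables user-namespace creation for every user, root included. The sample sysctl lines at the bottom are constructed, not captured from a real host, and the drop-in path is an argument so the function can be exercised against a temporary file.

```shell
#!/bin/sh
# Added example: check and persist the unprivileged-user-namespace mitigation for CVE-2023-0179.
# Pure POSIX sh plus sed, so it can be dropped into a fleet audit or a config-management check.

# Print the numeric value from a "key = value" line as sysctl prints it; print nothing if malformed.
sysctl_value() {
    printf '%s\n' "$1" | sed -n 's/^[A-Za-z0-9_.]*[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# Classify one sysctl output line. Prints "mitigated" when the key is a user-namespace knob set
# to 0, "exposed" when it is non-zero, and "unknown" for any other key or a malformed line.
#   kernel.unprivileged_userns_clone  Debian/Ubuntu-patched kernels (the knob the digest uses)
#   user.max_user_namespaces          upstream kernels; 0 blocks creation for everyone, root included
userns_state() {
    key=${1%%[ =]*}    # everything before the first space or '='
    case $key in
        kernel.unprivileged_userns_clone|user.max_user_namespaces) ;;
        *) echo unknown; return 0 ;;
    esac
    v=$(sysctl_value "$1")
    if [ "$v" = 0 ]; then
        echo mitigated
    elif [ -n "$v" ]; then
        echo exposed
    else
        echo unknown
    fi
}

# Live check on a running host: try the Debian/Ubuntu knob first, then the upstream one.
check_live() {
    for k in kernel.unprivileged_userns_clone user.max_user_namespaces; do
        if line=$(sysctl "$k" 2>/dev/null); then
            userns_state "$line"
            return 0
        fi
    done
    echo unknown
}

# Write a sysctl.d drop-in so the setting is reapplied at boot; reload with "sysctl --system".
# Assumes the Debian/Ubuntu knob; on upstream kernels write "user.max_user_namespaces = 0" instead.
# Production path would be something like /etc/sysctl.d/99-userns.conf (placeholder, not from the digest).
persist_mitigation() {
    printf 'kernel.unprivileged_userns_clone = 0\n' > "$1"
}

# Constructed sample lines, not captured from a real host.
for sample in 'kernel.unprivileged_userns_clone = 1' \
              'kernel.unprivileged_userns_clone = 0' \
              'user.max_user_namespaces = 15168'; do
    echo "$sample -> $(userns_state "$sample")"
done
```

Run check_live on the host itself; anything other than "mitigated" means the digest's sysctl either was never applied or did not survive a reboot, which is exactly the gap persist_mitigation closes.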

CentOS Web Panel 7 Remote Code Execution Vulnerability

CVE-2022-44877 is a critical vulnerability that affects any CentOS Web Panel (CWP) release below version 0.9.8.1147 and is being exploited in the wild. The vulnerability exists in login/index.php in CWP and allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Researchers released a PoC for this vulnerability on GitHub and YouTube on January 5th, 2023, leading to increased exploitation by threat actors. To mitigate this threat, update to the latest version, v0.9.8.1148, as this affects CentOS Web Panel 7 < v0.9.8.1147.
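Both the Apache items and the CWP item above come down to the same defender's question: is this host still on a release the digest lists as affected? The script below is an added example (not Linode's code, nor Apache's or CWP's) that answers it from a version string. It compares dotted versions numerically, because a plain string comparison would call 2.4.9 newer than 2.4.10, and it applies the digest's thresholds: Apache below 2.4.55 and CWP below 0.9.8.1147. The Apache banner lines it parses are constructed samples in the format that httpd -v / apache2 -v print, not output captured from a real server, and only purely numeric dotted versions are supported (a distro suffix such as "-1ubuntu1" would have to be stripped first).

```shell
#!/bin/sh
# Added example: flag hosts on releases the digest lists as affected, from version strings alone.
# Pure POSIX sh plus sed, so it can run inside an inventory or config-management check.

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Components are compared numerically (so 2.4.9 < 2.4.10); missing components count as 0.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}
        cb=${b%%.*}
        if [ "$a" = "$ca" ]; then a=''; else a=${a#*.}; fi
        if [ "$b" = "$cb" ]; then b=''; else b=${b#*.}; fi
        ca=${ca:-0}
        cb=${cb:-0}
        if [ "$ca" -lt "$cb" ]; then return 0; fi
        if [ "$ca" -gt "$cb" ]; then return 1; fi
    done
    return 1
}

# Pull the version out of the banner line that "httpd -v" / "apache2 -v" prints.
apache_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p'
}

# Apache HTTP Server: all three issues in this digest are fixed in 2.4.55.
apache_affected() {
    version_lt "$1" 2.4.55
}

# CentOS Web Panel 7: the digest lists releases below 0.9.8.1147 as affected by CVE-2022-44877.
# A leading "v" (as in v0.9.8.1148) is accepted and ignored.
cwp_affected() {
    version_lt "${1#v}" 0.9.8.1147
}

# Demonstration on constructed sample inputs (not captured from real hosts).
for banner in 'Server version: Apache/2.4.54 (Unix)' 'Server version: Apache/2.4.55 (Debian)'; do
    ver=$(apache_version_from_banner "$banner")
    if apache_affected "$ver"; then
        echo "Apache $ver: affected, upgrade to 2.4.55"
    else
        echo "Apache $ver: not affected by this week's issues"
    fi
done
for cwp in v0.9.8.1146 0.9.8.1148; do
    if cwp_affected "$cwp"; then
        echo "CWP $cwp: affected by CVE-2022-44877, update now"
    else
        echo "CWP $cwp: patched"
    fi
done
```

On a real host, feed apache_version_from_banner the output of httpd -v (or apache2 -v) and cwp_affected the version shown in the CWP admin interface; a true result from either function is an upgrade ticket, not a judgment call.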
