|
|
|
|
Hello,
This is a courtesy notice to let you know about the (Linux Glibc Getaddrinfo Stack-based Buffer Overflow Zero Day Vulnerability).
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This package contains the standard C library against which all GNU/Linux programs are linked.
Fix the Glibc Getaddrinfo vulnerability on a RHEL/CentOS Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Type the following yum command:
$ sudo yum clean all
$ sudo yum update
After the update is applied you need to reboot the system or restart all affected services:
Because this vulnerability affects a large amount of applications on the system, the safest and recommended way to assure every application uses the updated glibc packages is to restart the system.
In case you are unable to restart the entire system after applying the update, execute the following command to list all running processes (not restricted to services) still using the old [in-memory] version of glibc on your system.
lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t
From the resulting list, identify the public-facing services and restart them.
You can find more details from the links below.
https://access.redhat.com/security/cve/cve-2015-7547
https://access.redhat.com/articles/2161461
If you are not running any systems on CentOS 6 or 7:
Your services are unaffected by this vulnerability.
If you have any questions, please do not hesitate to open a ticket with our helpdesk.
Read more »
|
|
|
|
|
|
Hello,
Content Management Systems are a prime base camp for triggering malicious activity. These CMS are commonly used by people who doesn't have much idea about coding and scripting. The hackers create a hand full of useful components for these cms. The people who have very less or no knowledge about coding will use these components without inspecting what it actually does. For easy spamming, they include mailing scripts to send out tones of spam emails.
Using outdated core and components also victimizes the domain owner. These components will have serious security holes which help intruders to get access to the filesystem and trigger malicious activities. When ever an update is available, please apply it as soon as possible.
PHP mail function is one of the way to send out anonymously/spoofed emails. In our case we commonly use this on our contact us web forms. This mail form act as a smtp proxy, this function takes ([RECIPIENT],[SUBJECT],[MESSAGE],[EXTRAHEADERS], [EXTRAPARAMS]) as parameters. There are numerous additional fields that can be specified in the mail headers, For example 'Cc' (Carbon Copy), which sends a copy of the message to the email addresses given as arguments, 'Bcc' (Blind Carbon Copy) which sends a carbon copy of the message just like with the 'Cc' header.
By entering hexadecimal characters in the form field they are able to add carriage returns and spaces. So the following string entered in a form field such as "Your Email" will result in a carbon copy of the email being sent to recipient@someothersite.xxx and a blind carbon copy being sent to victim2@victimsdomain.xxx and victim3@victimsdomain.xxx
Many sites provide the possibility to "email this page to a friend" "contact us" through a web form, the resulting email softly suggests to "visit our website" on behalf of the user that filled in the form with his personal email address. Even though the subject and the message are hardcoded, there is still a way to inject headers.
To completely eliminate the possibility of php mail() function being exploited, we will be disabling this function on our servers. For sending out emails you may use phpmailer with smtp auth. A sample script to achieve this is mentioned bellow.
<?php
require("class.phpmailer.php");
$mail = new PHPMailer();
$mail->IsSMTP(); // set mailer to
use SMTP
$mail->Host = "mail.yourdomain.com"; // specify main and backup server
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "youremailid@domain.com"; // SMTP username
$mail->Password = "yourpassword"; // SMTP password
$mail->From = "youremailid@domain.com";
$mail->FromName = "Mailer";
$mail->AddAddress("myname@myname.com", "My Name"); // name is
optional
$mail->AddReplyTo("info@example.com", "Information");
$mail->WordWrap = 50; // set word wrap
to 50 characters
$mail->IsHTML(true); // set email
format to HTML
$mail->Subject = "Here is the subject";
$mail->Body = "This is the HTML message body <b>in bold!</b>";
$mail->AltBody = "This is the body in plain text for non-HTML mail
clients";
if(!$mail->Send())
{
echo "Message could not be sent. <p>";
echo "Mailer Error: " . $mail->ErrorInfo;
exit;
}
echo "Message has been sent";
?>
Please feel free to submit a ticket if you need help.
We will disable it on Wednesday at 04h00 a.m. (EST) on 20th of January, 2016
Read more »
|
|
|
|
|
|
Hello,
Please use following nameservers for new created accounts.
ns1.sameservers.com - 66.7.198.4
ns2.sameservers.com - 67.23.253.4
ns3.sameservers.com - 69.164.204.20
Happy 2016
Read more »
|
|
|
|
|
|
Hello,
An update for Joomla was just released to address a serious security vulnerability and we strongly recommended you to update Joomla as soon as possible.
Severity : High
Affected Versions : Joomla CMS versions 1.5.0 through 3.4.5
Exploit type : Remote Code Execution
Reported Date : 2015-December-13
Fixed Date : 2015-December-14
Solution : Upgrade to version 3.4.6
Please go through the official link for more information.
Official Link: https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
Read more »
|
|
|
|
|
|
WordPress 4.3.1 is now available.
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress 4.3.1 addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). A separate cross-site scripting vulnerability was found in the user list table. Discovered by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).
WordPress 4.3.1 also fixes 26 bugs from 4.3.
Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.
For more information, see the release notes or consult the list of changes.
Official link : [ https://wordpress.org/news/2015/09/wordpress-4-3-1/ ]
Read more »
|
|
