SolarWinds patches vulnerabilities that could allow full system control
SolarWinds patches vulnerabilities that could allow full system control

04/02/2021

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities.

Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post on Wednesday that he began analyzing SolarWinds products shortly after FireEye and Microsoft reported that hackers had taken control of SolarWinds’ software development system and used it to distribute backdoored updates to Orion customers. It didn’t take long for him to find three vulnerabilities, two in Orion and a third in a product known as the Serv-U FTP for Windows. There’s no evidence any of the vulnerabilities have been exploited in the wild.

The most serious flaw allows unprivileged users to remotely execute code that takes complete control of the underlying operating system. Tracked as CVE-2021-25274, the vulnerability stems from Orion’s use of the Microsoft Message Queue (MSMQ), a component that has existed for more than 20 years but is no longer installed by default on Windows machines.

Hard to miss

As Rakhmanov poked through the Windows Computer Management console, he quickly seized on the following security permissions for one of the dozens of private queues it enabled:

[Screenshot: security permissions dialog for one of Orion’s private MSMQ queues. Credit: Trustwave SpiderLabs]

“It’s pretty hard to miss that warning shield showing that the queue, like all the queues, is unauthenticated,” the researcher wrote. “In short, unauthenticated users can send messages to such queues over TCP port 1801. My interest was piqued, and I jumped in to look at the code that handles incoming messages. Unfortunately, it turned out to be an unsafe deserialization victim.”

Trustwave SpiderLabs described the flaw this way in a separate advisory:

SolarWinds Collector Service uses MSMQ (Microsoft Message Queue) and it doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in an insecure manner, allowing remote arbitrary code execution as LocalSystem.
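To make the two halves of that advisory concrete, the following is an added example (not SolarWinds or Trustwave code) of a .NET Framework service consuming a private MSMQ queue with System.Messaging. The queue path, the CollectorMessage type and the allowedSender parameter are placeholders; the first method shows the weak pattern the advisory describes, the second the two fixes a defender would want: a sender ACL on the queue and a formatter that only materializes an allow-list of types.

```csharp
using System;
using System.Messaging;   // .NET Framework only; MSMQ feature must be installed

// Constructed message type; a placeholder, not a SolarWinds identifier.
public class CollectorMessage
{
    public string Host { get; set; }
    public int Metric { get; set; }
}

public static class QueueConsumer
{
    const string QueuePath = @".\private$\example-collector";   // placeholder queue name

    // Weak pattern: the queue is created with its default ACL (Everyone and
    // ANONYMOUS LOGON may send), and BinaryMessageFormatter wraps BinaryFormatter,
    // which instantiates whatever type the sender names. Under LocalSystem this is
    // untrusted input reaching a gadget-capable deserializer at full privilege.
    public static object WeakReceive()
    {
        if (!MessageQueue.Exists(QueuePath))
            MessageQueue.Create(QueuePath);               // no SetPermissions call
        using (var q = new MessageQueue(QueuePath))
        {
            q.Formatter = new BinaryMessageFormatter();
            Message m = q.Receive(TimeSpan.FromSeconds(5));
            return m.Body;                                // type chosen by the sender
        }
    }

    // Hardened pattern: restrict who may write, require MSMQ-authenticated
    // messages, and deserialize only the listed type.
    public static CollectorMessage HardenedReceive(string allowedSender)
    {
        if (!MessageQueue.Exists(QueuePath))
            MessageQueue.Create(QueuePath);
        using (var q = new MessageQueue(QueuePath))
        {
            // Revoke the default grants, then allow exactly one principal to send.
            q.SetPermissions("Everyone", MessageQueueAccessRights.FullControl, AccessControlEntryType.Revoke);
            q.SetPermissions("ANONYMOUS LOGON", MessageQueueAccessRights.FullControl, AccessControlEntryType.Revoke);
            q.SetPermissions(allowedSender, MessageQueueAccessRights.WriteMessage, AccessControlEntryType.Allow);
            q.Authenticate = true;                        // reject unsigned messages

            // XmlMessageFormatter only builds the listed target types; other payloads fail.
            q.Formatter = new XmlMessageFormatter(new[] { typeof(CollectorMessage) });
            Message m = q.Receive(TimeSpan.FromSeconds(5));
            return (CollectorMessage)m.Body;
        }
    }
}
```

The ACL change alone closes the unauthenticated-sender half of the bug; the formatter change matters because an authenticated but compromised sender, or a misconfigured ACL, would otherwise still reach BinaryFormatter.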

Database Credentials for Everyone

The second Orion vulnerability, tracked as CVE-2021-25275, is the result of Orion storing database credentials in an insecure manner. Specifically, Orion keeps the credentials in a file that’s readable by unprivileged users. Rakhmanov facetiously called this “Database Credentials for Everyone.”

While the files cryptographically protect the passwords, the researcher was able to find code that converts the password to plaintext. The result: anyone who can log in to a box locally or through the Remote Desktop Protocol can gain the credentials for the SolarWindsOrionDatabaseUser.

“The next step is to connect to the Microsoft SQL Server using the recovered account, and at this point, we have complete control over the SOLARWINDS_ORION database,” Rakhmanov wrote. “From here, one can steal information or add a new admin-level user to be used inside SolarWinds Orion products.”

Create your own admin account

The third vulnerability, tracked as CVE-2021-25276, resides in the Serv-U FTP for Windows. The program stores details for each account in a separate file. Those files can be created by any authenticated Windows user.

Rakhmanov wrote:

Specifically, anyone who can log in locally or via Remote Desktop can just drop a file that defines a new user, and the Serv-U FTP will automatically pick it up. Next, since we can create any Serv-U FTP user, it makes sense to define an admin account by setting a simple field in the file and then set the home directory to the root of C: drive. Now we can log in via FTP and read or replace any file on the C: since the FTP server runs as LocalSystem.

Fixes for Orion and Serv-U FTP are available here and here. People who rely on either of these products should install patches as soon as possible.
