"Election" hacking has never been simpler than it is today!
infosec

"Election" hacking has never been simpler than it is today!

Being a professional hacker has never been easier and more profitable than it is today. According to...
Read More
infosec

A new Android Trojan misleads users through notifications

A new Android Trojan discovered by security researchers on the Google Play Store uses false notifications to redirect their ...
Read More
infosec

Europol: Training of police officers with ....... a game!

In recent years, cryptocurrencies are a frequent target of hackers' attacks. For this reason, Europol has decided to train ...
Read More
infosec

Dark Web: Selling drugs in exchange for Bitcoins. Now prison!

We know that Dark Web is mainly used by hackers and people who are interested in doing illegal online activities. These people are using ...
Read More
infosec

Twitter: Deleting thousands of fake Iranian and Russian accounts

One of the most common means of spreading misinformation and political propaganda is social media. Twitter found, ...
Read More
Latest Posts

Error on Apache HTTP Servers, gives root access to hackers

Apache

The most widespread Web server , Apache HTTP, seems to have repaired a serious vulnerability that allows hackers or malware, gain unlimited control over a machine.

This error, called CVE-2019-0211, is a local privilege escalation bug, which means that it allows a person or software that already has limited access to a server to acquire root privileges. From there, the attacker could do almost everything in one system. According to Charles Fol, a researcher who discovered the error, vulnerability makes it possible for unauthorized intruders to replace sensitive parts of a server's memory. A malicious script could exploit the vulnerability to gain root access.

Vulnerability poses the greatest risk to Web-hosting installations that offer common impressions where a machine provides content for more than one site. Typically, these servers prevent a site administrator from accessing other sites or accessing sensitive settings of the machine itself.

"If one of the users successfully exploits the vulnerability, it will have full access to the server, just like the web hoster," said Fol. "This means reading / writing / deleting any other user's file / database."

The other possible script for exploitation is the case that an attacker using a different attack gains only limited privileges on a server running Apache. If the server is vulnerable to CVE-2019-0211, the attacker could take advantage of the flaw to increase these limited permissions to root.

Vulnerability affects only versions of Apache 2.4.17 to 2.4.38 when running on UNIX-like systems. According to the Rapid7 security company, about 2 million different systems were vulnerable to CVE-2019-0211, though most likely were updated since the bug was published.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *