Future Hosting Warns Server Admins Of Dangerous Privilege Escalation Vulnerability

Future Hosting, a specialized VPS and managed dedicated server hosting provider, has advised server administrators to update Linux server operating systems as soon as possible. The advice is a response to the recent discovery of a serious privilege escalation vulnerability in the Linux kernel (as reported in Ars Technica on October 20).

The so-called "Dirty Cow" vulnerability has been part of the Linux kernel for more than a decade, and there is evidence of it being actively exploited by online criminals and hackers.

The vulnerability can be used by a local user to gain elevated permissions, allowing them to read and write data to memory and system files. Once a malicious user has leveraged the vulnerability to gain root user permissions, all users of the server are at risk.

The vulnerability is a particular threat to web hosting providers, who commonly give accounts on the same server to many different clients. On an unpatched server, any one of those users could leverage the vulnerability to gain access to the data of other users.

“Although Future Hosting immediately patched its managed servers when news of the vulnerability broke, we're concerned that there may be many thousands of servers that remain unpatched,” said Maulesh Patel, VP of Operations of Future Hosting. “This vulnerability is especially problematic for multi-tenancy servers, including those used for web hosting. Responsible web hosting providers should proactively patch vulnerable servers.”

Although the vulnerability requires a malicious user to have an account on the server, it could be combined with other vulnerabilities to allow the remote execution of arbitrary code with root permissions. Any vulnerability that provides shell access or allows the execution of code on the server — as in the case of an SQL-injection attack — can be combined with the privilege escalation vulnerability.

Future Hosting offers KSplice Uptrack on many of its managed and unmanaged server plans, allowing clients to update their servers, including the kernel, without requiring a reboot and the associated downtime.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com

Contact Author

Vik Patel