CVE-2019-10149: Exim 4.87 to 4.91 (POSSIBLE Remote Exploit)

Zero Day Advisories
We have heard a report of a *POSSIBLE* remote Exim exploit out in the wild and looks like Exim has also heard the same thing. Not much information is known at this time, but here is the official post from Exim: We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit. A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87. The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better. Exim 4.92 is not vulnerable. Next steps: * t0: Distros will get access to our non-public security Git repo (access is granted based on the SSH…
Read More

Webmin (CVE-2019-15107) – Zero Day Remote Exploit

Zero Day Advisories
We have been made aware of a remote exploit in Webmin 1.920 (latest) that would allow users to run arbitrary commands. The function that is being exploited is related to the user password change that appears to be enabled by default. It is recommended that you disable that function and also temporarily disable password_change.cgi at the file system level until a patch has been released. Please monitor the change log for updates: http://www.webmin.com/changes.html At the time of writing this, no patch has been issued to our knowledge! ============================================================ RACK911 Labs 1110 Palms Airport Drive, Suite 110 Las Vegas, NV 89119 1-855-RACK911 ============================================================ UNSUBSCRIBE: https://hostingseclist.us3.list-manage.com/unsubscribe?u=722bc323a024d15a407baae81&id=3d82a776ec&e=[UNIQID]&c=2513aed8e1 FORWARD EMAIL: http://us3.forward-to-friend.com/forward?u=722bc323a024d15a407baae81&id=2513aed8e1&e=[UNIQID] UPDATE PROFILE: https://hostingseclist.us3.list-manage.com/profile?u=722bc323a024d15a407baae81&id=3d82a776ec&e=[UNIQID]&c=2513aed8e1
Read More

WARNING: Apache HTTP 2.4.17 to 2.4.38 Local Root Exploit

Zero Day Advisories
Apache HTTP 2.4.17 to 2.4.38 is vulnerable to a local root exploit when mod_prefork, mod_worker and mod_event are used: https://httpd.apache.org/security/vulnerabilities_24.html We are hearing reports of exploit(s) already being produced and strongly recommend that everyone update to Apache HTTP 2.4.39 as soon as possible - especially in shared hosting environments! https://www.apache.org/dist/httpd/Announcement2.4.html https://www.zdnet.com/article/apache-web-server-bug-grants-root-access-on-shared-hosting-environments/ ============================================================ https://www.RACK911Labs.com RACK911 Labs 1110 Palms Airport Drive, Suite 110 Las Vegas, NV 89119 1-855-RACK911 ============================================================ UNSUBSCRIBE: https://hostingseclist.us3.list-manage.com/unsubscribe?u=722bc323a024d15a407baae81&id=3d82a776ec&e=[UNIQID]&c=4c08effbeb FORWARD EMAIL: http://us3.forward-to-friend.com/forward?u=722bc323a024d15a407baae81&id=4c08effbeb&e=[UNIQID] UPDATE PROFILE: https://hostingseclist.us3.list-manage.com/profile?u=722bc323a024d15a407baae81&id=3d82a776ec&e=[UNIQID]&c=4c08effbeb
Read More