SolarWinds SFTP
In late December, Microsoft said a second hacker collective might have been abusing the IT infrastructure provider's Orion software to drop a persistent backdoor called Supernova on target systems by taking advantage of an authentication bypass vulnerability in the Orion API to execute arbitrary commands. SolarWinds issued a patch to address the vulnerability on December 26, 2020. This flaw is said to be different from those that were abused by suspected Russian threat operatives to compromise SolarWinds Orion software that was then distributed to as many as 18,000 of its customers, according to Reuters. News of the three vulnerabilities in SolarWinds products comes on the heels of reports that alleged Chinese threat actors exploited a previously undocumented flaw in the company's software to break into the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture.
Trustwave said it intends to release proof-of-concept (PoC) code next week on February 9.
Chief among the vulnerabilities uncovered by Trustwave is improper use of Microsoft Messaging Queue (MSMQ), which is used heavily by the SolarWinds Orion Collector Service. This allows unauthenticated users to send messages to such queues over TCP port 1801 and eventually attain RCE by chaining it with another unsafe deserialization issue in the code that handles incoming messages. "Given that the message processing code runs as a Windows service configured to use LocalSystem account, we have complete control of the underlying operating system," Trustwave researcher Martin Rakhmanov said. The patch released by SolarWinds (Orion Platform 2020.2.4) addresses the bug with a digital signature validation step that's performed on arrived messages to ensure that unsigned messages are not processed further, but Rakhmanov cautioned that the MSMQ is still unauthenticated and allows anyone to send messages to it.
The second vulnerability, also found in the Orion Platform, concerns the insecure manner in which credentials of the backend database (named "SOLARWINDS_ORION") are stored in a configuration file, allowing a local, unprivileged user to take complete control over the database, steal information, or even add a new admin-level user to be used inside SolarWinds Orion products.
Lastly, a flaw in SolarWinds Serv-U FTP Server 15.2.1 for Windows could allow any attacker who can log in to the system locally or via Remote Desktop to drop a file that defines a new admin user with full access to the C:\ drive, which can then be leveraged by logging in as that user via FTP to read or replace any file on the drive.
It's highly recommended that users install the latest versions of Orion Platform and Serv-U FTP (15.2.2 Hotfix 1) to mitigate the risks associated with the flaws.
The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25.