Multiple new SolarWinds vulnerabilities have been uncovered
Vulnerabilities could allow for full remote code execution if left unpatched
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Following last year’sSolarWinds hack, a security researcher from Trustwave’sSpiderLabsdecided to take a further look into the company’s software to see if he could find any additional vulnerabilities.
In a newblog post, security research manager at Trustwave Martin Rakhmanov has revealed that he found three severe bugs in two products from SolarWinds. Thankfully none of these vulnerabilities were exploited during the recent SolarWinds attacks or in any attacks in the wild but one of the three newly discovered bugs could be exploited to achieveremote code executionwith high privileges.
Rakhmanov began his investigation by taking a look into other SolarWinds products based on itsOrionframework. He installed the company’s User Device Tracker software and was prompted to set upMicrosoftMessage Queue (MSMQ) which has been around for more than two decades and is no longer installed by default on modern Windows systems. After looking at the huge list of private queues, Rakhmanov found that these queues are unauthenticated which means that unauthenticated users can send messages to them over TCP port 1801.
From here, he checked how well SolarWinds secures credentials for its backend database. It was then that Rakhmanov discovered that he coulddecrypt passwordsstored in the company’s database using readily available software. Using these passwords, someone can steal information or even add a new admin-level user inside SolarWinds Orion products.
Serv-U FTP vulnerability
To finish off his investigation, Rakhmanov looked at another SolarWinds product called Serv-U FTP for Windows to discover that software stores accounts on disk in separate files.
As directoryaccess controllists in the software allow complete compromise by any authenticated Windows user, anyone can log in locally or viaremote desktopand drop a file that defines a new users and Ser-U FTP will automatically pick it up. Since new users can be created this way, these accounts can be upgraded to admin status to allow anyone to log in via FTP and read or replace any file on a system’s C drive since the FTP server runs as LocalSystem.
Trustwave responsibly reported all of these bugs to SolarWinds and the company then released patches in a timely manner which are available viadirect download hereand in aposton its site.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
However, as some users have not yet patched their systems, SpiderLabs will be waiting until later to publish its proof of concept (PoC) code for these bugs.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
Do-it-yourself repair kits for the iPhone 16 series are now available from Apple
