PoC Exploit Released for HTTP File Server Remote Code Execution Vulnerability
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the HTTP File Server (HFS) software, identified as CVE-2024-39943.
This vulnerability affects HFS version 3 before 0.52.10 on Linux, UNIX, and macOS systems, allowing remote authenticated users with upload permissions to execute OS commands due to the use of execSync instead of spawnSync in the child_process Module of Node.js.
Details of the Vulnerability
The vulnerability arises because HFS uses a shell to execute the df command, which attackers can exploit to run arbitrary commands on the host system. The National Vulnerability Database (NVD) has acknowledged this issue but not yet fully analyzed it.
The PoC exploit from Truonghuuphuc demonstrates how attackers can leverage this flaw to gain control over vulnerable systems.
Mitigation
Users of HFS are strongly advised to update to version 0.52.10 or later to mitigate this vulnerability. The update addresses the issue by replacing execSync with spawnSync in the child_process module, thereby preventing the execution of arbitrary commands via the shell
To deploy the updated HFS version with the necessary configuration, users can use the following command:
./hfs --config config.yaml
Administrators should ensure that their HFS installations are updated to the latest version to protect against potential attacks exploiting this vulnerability.
Patch your HTTP File Server (HFS) & Prevent Exploitation
Update HFS to Version 0.52.10 or Later :
The vulnerability is fixed in HFS version 0.52.10. Ensure you download and install this version or any later version to mitigate the issue. This update replaces the use of execSync with spawnSync in the child_process module of Node.js, which prevents the execution of arbitrary OS commands.
Disable Upload Permissions Temporarily :
If you cannot immediately update HFS, consider temporarily disabling upload permissions for all users. This will reduce the risk of exploitation until the update can be applied[4].
Implement Strong Authentication Mechanisms :
Ensure that strong authentication mechanisms are in place. Regularly review and restrict user permissions, especially upload permissions, to minimize the risk of unauthorized access.
Monitor Systems for Suspicious Activities :
Continuously monitor your systems for any suspicious activities or unauthorized command executions. Implement logging and alerting mechanisms to detect potential exploitation attempts.
Network Segmentation :
Consider implementing network segmentation to limit the potential impact of exploitation. This can help contain any breach and protect critical assets.
Regular Audits and Updates :
Audit and update all instances of HFS in your environment regularly. Keeping software up-to-date is crucial for maintaining security and protecting against newly discovered vulnerabilities.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
PoC Exploit Released for HTTP File Server Remote Code Execution Vulnerability
Author: Guru BaranA proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the HTTP File Server (HFS) software, identified as CVE-2024-39943.
This vulnerability affects HFS version 3 before 0.52.10 on Linux, UNIX, and macOS systems, allowing remote authenticated users with upload permissions to execute OS commands due to the use of execSync instead of spawnSync in the child_process Module of Node.js.
Details of the Vulnerability
The vulnerability arises because HFS uses a shell to execute the df command, which attackers can exploit to run arbitrary commands on the host system. The National Vulnerability Database (NVD) has acknowledged this issue but not yet fully analyzed it.
The PoC exploit from Truonghuuphuc demonstrates how attackers can leverage this flaw to gain control over vulnerable systems.
Mitigation
Users of HFS are strongly advised to update to version 0.52.10 or later to mitigate this vulnerability. The update addresses the issue by replacing execSync with spawnSync in the child_process module, thereby preventing the execution of arbitrary commands via the shell
To deploy the updated HFS version with the necessary configuration, users can use the following command:
./hfs --config config.yaml
Administrators should ensure that their HFS installations are updated to the latest version to protect against potential attacks exploiting this vulnerability.
Patch your HTTP File Server (HFS) & Prevent Exploitation
Update HFS to Version 0.52.10 or Later :
The vulnerability is fixed in HFS version 0.52.10. Ensure you download and install this version or any later version to mitigate the issue. This update replaces the use of execSync with spawnSync in the child_process module of Node.js, which prevents the execution of arbitrary OS commands.
Disable Upload Permissions Temporarily :
If you cannot immediately update HFS, consider temporarily disabling upload permissions for all users. This will reduce the risk of exploitation until the update can be applied[4].
Implement Strong Authentication Mechanisms :
Ensure that strong authentication mechanisms are in place. Regularly review and restrict user permissions, especially upload permissions, to minimize the risk of unauthorized access.
Monitor Systems for Suspicious Activities :
Continuously monitor your systems for any suspicious activities or unauthorized command executions. Implement logging and alerting mechanisms to detect potential exploitation attempts.
Network Segmentation :
Consider implementing network segmentation to limit the potential impact of exploitation. This can help contain any breach and protect critical assets.
Regular Audits and Updates :
Audit and update all instances of HFS in your environment regularly. Keeping software up-to-date is crucial for maintaining security and protecting against newly discovered vulnerabilities.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
