SolusVM Vulnerability
- Thread starter George_Fusioned
- Start date
-
- Tags
- exploit hack solusvm vulnerability
Well, found someone who tried to exploit BlueVM's SolusVM. THIS is why we use HyperVM, not SolusVM, for our OpenVZ!
Another day and something positive out of BuyVM. Keep it up!
Just in case you providers using SolusVM didn't know, you can find the IPs clients logged in with under the Client Log page in SolusVM.
Jack
Active Member
Couldn't find that but after looking found another provider that attempted it on me. nice.
Last edited by a moderator:
How do you know ? Could have been a VPN/proxy from their IP space. Unless they were logged in, of course.
Last edited by a moderator:
mikho
Not to be taken seriously, ever!
Well, by the looks of it the vuln could be used on kvm nodes aswell. Or am I wrong?
It's a vulnerability in SolusVM's Control Panel, so anyone using SolusVM for anything (be it OVZ, KVM, Xen-PV, or Xen-HVM) is vulnerable unless they patch.
@Jack it's this page:
That's just a php shell script, uploaded after gaining access via the vuln, not the vuln itself.
netnub - your previous post with code was removed for the same reason this one has been.
If you have information relating to security issues with SolusVM then I would suggest you contact them so a fix can be issued instead of posting snippets of code on here. All you're doing is opening other hosts to possible issues.
Just for the record, you are far from perfect yourself. I'm pretty sure some of your attempts at producing code were FAR worse than this and when the countless mistakes and glaringly obvious security issues were pointed out you brushed them away as though you didn't care or that you 'meant' to do it because it wasn't in production.
We wont let sensitive code be posted in here for the sake of other hosts and their clients. Use your brain.
If you have information relating to security issues with SolusVM then I would suggest you contact them so a fix can be issued instead of posting snippets of code on here. All you're doing is opening other hosts to possible issues.
Just for the record, you are far from perfect yourself. I'm pretty sure some of your attempts at producing code were FAR worse than this and when the countless mistakes and glaringly obvious security issues were pointed out you brushed them away as though you didn't care or that you 'meant' to do it because it wasn't in production.
We wont let sensitive code be posted in here for the sake of other hosts and their clients. Use your brain.
Last edited by a moderator:
D. Strout
Resident IPv6 Proponent
Looks fine to me, fortunately.
Just taken a look at our Lighttpd access logs, seems 4 people have tried to access our central backup (multiple times, I may add...) file but have failed!
I have also heard from a few others that there may be more exploits available? As a precaution I've decided to take down my entire SolusVM web server, better to be safe than sorry!
I have also heard from a few others that there may be more exploits available? As a precaution I've decided to take down my entire SolusVM web server, better to be safe than sorry!
turfhosting
New Member
ChicagoVPS was attacked last night as well I believe. If it was the same exploit and they didnt patch it i would be very angry if i was a customer of theres. thats just laziness and stupidity
drmike
100% Tier-1 Gogent
What's the current situation from SolusVM?
Realize one compromise that slapped at least a half dozen providers and probably caused backdooring of countless others.
Has anyone confirmed the CurtisG and others about exploits?
Has Solus sent anything further to providers? Obviously, it is a high value target and skids are creative. I rule nothing out and am about to go cancelling some accounts I have just because of the situation.
Realize one compromise that slapped at least a half dozen providers and probably caused backdooring of countless others.
Has anyone confirmed the CurtisG and others about exploits?
Has Solus sent anything further to providers? Obviously, it is a high value target and skids are creative. I rule nothing out and am about to go cancelling some accounts I have just because of the situation.