[BlueOnyx:23723] 5210R: Critical Security Flaw identified. Updates available

Michael Stauber mstauber at blueonyx.it
Thu Mar 5 20:25:53 -05 2020


Hi all,

A CRITICAL SECURITY FLAW in BlueOnyx 5210R has been found, which allows
privilege escalation of users that are not jailed. You are urged to
install the BlueOnyx 5210R security updates ASAP.

Affected Platforms:
====================

BlueOnyx 5210R on CentOS 8


Type of vulnerability:
=======================

Root privilege escalation. Already logged in (but not jailed) users
could potentially abuse a root level (UID:0, GID:0) account that had
been created without password, but with shell.

Mitigation:
============

YUM updates have been released. To make sure you are fully up to date
please run these commands on your BlueOnyx 5210R:

yum clean all
yum update

To confirm that your BlueOnyx 5210R is fully up to date and no longer
affected by this security issue, you can run this command:

/usr/sausalito/sbin/root-admin-fix.sh

The returned information should then make it clear if the issue was fixed.

Acknowledgement:
=================

Many thanks to Maurice de Laat for reporting this issue.


More information and detailed post mortem:
===========================================

https://www.blueonyx.it/news/261/52/5210R-Critical-Security-Flaw-identified.-Updates-available/

-- 
With best regards

Michael Stauber
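
Added example, not part of the original message and not the code of BlueOnyx's root-admin-fix.sh: a generic audit for the account condition described under "Type of vulnerability" (UID 0, no password, login shell). The function name and the sample accounts are assumptions of this example; it reads the standard passwd and shadow file formats.

```shell
#!/bin/sh
# Added example (not BlueOnyx code): list UID 0 accounts that have an empty
# password field and a login shell.
# Usage: audit_uid0_nopass [passwd_file] [shadow_file]
audit_uid0_nopass() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    awk -F: '
        # Shadow file: remember accounts whose password hash field is empty.
        FILENAME == ARGV[1] { if ($2 == "") nopass[$1] = 1; next }
        # passwd file: $3 is the UID, $7 the shell (empty means /bin/sh).
        $3 ~ /^0+$/ && ($2 == "" || ($1 in nopass)) &&
            $7 !~ /\/(nologin|false)$/ { print $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data, so the check can be tried without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc:x:0:0::/root:/bin/bash
locked:x:0:0::/root:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$notarealhash:18000:0:99999:7:::
svc::18000:0:99999:7:::
locked::18000:0:99999:7:::
alice::18000:0:99999:7:::
EOF
audit_uid0_nopass "$demo_dir/passwd" "$demo_dir/shadow"   # prints: svc
rm -rf "$demo_dir"
```

Run as root with no arguments, the function reads /etc/passwd and /etc/shadow; any name it prints is a UID 0 account without a password that can open a shell.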


