This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is Apache's CVE-2019-0211 relevant to the UTM's user portal?

Apache's latest scare de jour, CAPRE DIEM, CVE-2019-0211, is a parent process privilege exploit. Since the UTMs user portal and webadmin are run on apache, apache is started by root, and the version on UTM appears to fall in the versions that are susceptible, is there any actual risk to this exploit on the UTM? A colleague expressed concern about this vulnerability and suggested disabling the portal until it was patched. 

I know the exploit is more of a concern with hosts/shared hosting providers, and requires someone to execute a malicious script via the webserver, which I would think means they would need to get a file ON to the UTM, but I was wondering what the risk level was for exploits like this on the UTM. I feel like the risk on a contained system like this is minimal, but I'm always worried I'm missing something. Is there reason to be concerned for this exploit, or similar ones?

 

Thanks!

Adam



This thread was automatically locked due to age.
Parents
  • My guess is that one would need root access to do this exploit in the UTM, Adam.  My question would be whether WAF would protect internal web servers and whether Snort would detect the exploit in traffic NAT'd to an internal server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • My guess is that one would need root access to do this exploit in the UTM, Adam.  My question would be whether WAF would protect internal web servers and whether Snort would detect the exploit in traffic NAT'd to an internal server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • That's what I thought. Thanks Bob. 

     

    As far as the WAF/IPS detecting the traffic behind the firewall, I'm hopeful it would; although, with most traffic being encrypted now days, I'm not sure how it does this at all anymore. 

    Either way, it's a lot easier for me to patch my apache servers behind the firewall than it is to patch the version on the UTM, so I can deal with that. 

    Thanks!