ConfigServer Firewall (CSF) vulnerabilities

ConfigServer Firewall (CSF) vulnerabilities

ConfigServer Security & Firewall is a stateful package inspection firewall, login/intrusion detection and security application for Linux servers.

WHMCS Complete Billing and Support

Recently two vulnerabilities were discovered in ConfigServer Security & Firewall version 6.40. Following are the ConfigServer Firewall (CSF) vulnerabilities.

[1] ConfigServer Firewall (CSF) – Log Forging (Deny IP) Vulnerability.

It is possible for a malicious user ro create forged log entries to trick the login failure daemon feature into believing that an IP address is attempting to brute force the server which will then block the IP address in question. Blocking the administrators, other users, other server and creating a DoS against the server is possible with this attack.

[2] ConfigServer Firewall (CSF) – Log Forging (SSH Login) Vulnerability.

It is possible for a malicious user to create forged log entries to trick the Login Failure Daemon into believing that a user has logged into the server via SSH or other services being monitored. This is more of a nuisance exploit than anything else, but could be used to create confusion and concern for administrators.

They have releases the versions v6.41 and v6.42 to add the options to mitigate this. For more details, please read their release note from the following URL:

http://www.configserver.com/free/csf/changelog.txt

Posted in Security.