RACK911Labs.ca security researchers identified a vulnerability in the BitNinja MalwareDetection module. The vulnerability is a symlink attack: a race condition in the quarantining process allows a remote attacker to delete root-owned files.
We have already patched the vulnerability by implementing the k-race algorithm and changing the effective user id of the module process. We released the fix with the agent version 2.23.5.
We also initiated an auto-upgrade for all agents, and most of them are already running the patched version. On some BitNinja-protected servers, the automated upgrade process failed. To avoid any risk regarding this vulnerability, we have disabled the malware detection module on every agent older than version 2.23.5.
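As an added illustration (not BitNinja's own code) of the two fixes the advisory names, the following Python routine quarantines a flagged file without ever following a symlink, repeats the inode identity check k times in the spirit of the k-race approach, and performs the deletion with the effective UID of the file's owner rather than root. The file names and sample content in demo() are constructed; the quarantine directory is assumed to be root-only.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

class QuarantineRefused(OSError): pass  # the file cannot be quarantined safely

def quarantine_file(path, quarantine_dir):
    parent, name = os.path.split(os.path.abspath(path))
    dfd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)  # pin the parent directory
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NOCTTY, dir_fd=dfd)  # symlink here -> ELOOP, never followed
        with os.fdopen(fd, "rb") as src:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode):
                raise QuarantineRefused(f"{path}: not a regular file")
            dst = os.path.join(quarantine_dir, f"{st.st_dev}-{st.st_ino}-{name}")
            with open(dst, "xb") as out:  # O_CREAT|O_EXCL: fails if anything already sits at dst
                shutil.copyfileobj(src, out)  # read the verified descriptor, not the path
            # k-race style re-check: the entry must still name the inode we opened. This only
            # raises the attacker's cost; the euid drop below is what makes a lost race harmless.
            if not all((n.st_dev, n.st_ino) == (st.st_dev, st.st_ino)
                       for n in (os.lstat(name, dir_fd=dfd) for _ in range(8))):
                raise QuarantineRefused(f"{path}: directory entry changed during quarantine")
            saved = os.geteuid()  # do the destructive step as the file owner, not as root
            os.seteuid(st.st_uid if saved == 0 and st.st_uid else saved)
            try:
                os.unlink(name, dir_fd=dfd)  # unlink itself never follows symlinks
            finally:
                os.seteuid(saved)
    finally:
        os.close(dfd)
    return dst

def demo():
    # Constructed scenario: a flagged file, plus a symlink to a file standing in for a root-owned target.
    with tempfile.TemporaryDirectory() as base:
        flagged, target, link = (os.path.join(base, n) for n in ("evil.php", "keep.conf", "evil2.php"))
        Path(flagged).write_text("<?php /* constructed sample */")
        Path(target).write_text("keep me")
        os.symlink(target, link)
        copy = quarantine_file(flagged, base)
        try:
            quarantine_file(link, base)
            refused = False
        except OSError:  # ELOOP from O_NOFOLLOW (QuarantineRefused is an OSError too)
            refused = True
        return {"flagged_removed": not os.path.exists(flagged), "copy": Path(copy).read_text(),
                "symlink_refused": refused, "target_intact": os.path.exists(target)}
```

If the owner cannot remove the entry from its directory, the unlink fails with EPERM and the copy stays in quarantine; that failure is the intended safe outcome.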
What to do?
Step #1
Check your servers' agent version on the Console. It is shown on the server card as soon as you sign in.
Step #2
Update the agent if it is older than version 2.23.5!
Debian, Ubuntu
If you use Debian or Ubuntu, use the following commands:
apt-get update
apt-get install bitninja
CentOS
If you use CentOS, use this command:
yum update bitninja
Step #3
Debian, Ubuntu
If the installation fails because of the GPG key, you can use the following commands to update:
apt-get update
apt-key adv --keyserver keys.gnupg.net --recv-key 7F8B47DC
If this doesn't work, you can use this command:
wget -O- http://apt.bitninja.io/7F8B47DC.gpg | apt-key add -
CentOS 6 EOL
If the agent update doesn't work, you may run into this error message when trying to use yum to update your packages on your CentOS 6 server:
yum update
Loaded plugins: fastestmirror
Setting up Update Process
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base
The issue can be resolved by pointing your yum repository configuration to the latest 6.10 CentOS vault. You can find more information about the lifecycle of other CentOS versions on this link. After the repository configuration is done, BitNinja can be updated as usual alongside the other packages.
How to fix the repo config in CentOS 6?
Issue this command to update the repo config file:
curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo
You can also update the repo config manually if you open the /etc/yum.repos.d/CentOS-Base.repo file and replace the content of the file with the text below.
Usually, it is not necessary to change the BitNinja.repo file. Still, if the above method doesn't work for some reason, or you want to be sure, you can change the $releasever variable in the file to the OS version, which in CentOS 6's case is 6.
The file can be found at /etc/yum.repos.d/BitNinja.repo, and by default it looks like the screenshot below.
And change it to look like this one:
Step #4
After you have completed the installation of the new version of the agent, restart it manually.
And you are done!
Please feel free to contact our customer support if you need any help updating the agent on your servers. You can contact us via email or ping us on the console. Thank you for your cooperation!