Monday, May 23, 2022

Admins urged to patch SolarWinds Serv-U against vulnerability

IT administrators whose firms use SolarWinds’ Serv-U file transfer application are being urged to install an update after the discovery of a vulnerability.

Microsoft, which discovered the bug (CVE-2021-35247), described it as an “input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.”

The discovery came when Microsoft saw suspicious attacks during its ongoing monitoring of threats trying to take advantage of the Log4j2 vulnerabilities.

SolarWinds issued an update for Serv-U, version 15.3, to patch the bug. It said the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. The fix updates the input mechanism to perform additional validation and sanitization.

“No downstream effect has been detected as the LDAP servers ignored improper characters,” SolarWinds added.
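The class of defect SolarWinds describes above (login input reaching an LDAP query without sufficient sanitization) can be illustrated with a small Python example added here; it is not Serv-U code and not taken from either vendor's advisory, and the filter template, attribute names and sample username are assumptions for illustration. It builds the same LDAP search filter two ways, by plain string interpolation and with the RFC 4515 escaping that LDAP filter values require, and counts how many filter items each version contains.

```python
# Added illustration of LDAP filter escaping. The filter template below is an
# assumption for this example; it is not Serv-U's actual authentication query.

# RFC 4515: these characters inside an assertion value must be escaped as \XX.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for inclusion inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Weak pattern: the username is interpolated straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username: str) -> str:
    """Corrected pattern: the username is escaped before interpolation."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


def count_filter_items(ldap_filter: str) -> int:
    """Number of filter items inside the outer AND. Assumes the template above
    (one outer '(&' wrapper), so it is the count of literal '(' minus one.
    The template is meant to contain exactly two items."""
    return ldap_filter.count("(") - 1


if __name__ == "__main__":
    # Constructed sample username containing LDAP filter metacharacters.
    sample = "alice)(uid=*"
    for label, built in (("unsafe", build_filter_unsafe(sample)),
                         ("safe", build_filter_safe(sample))):
        print(f"{label}: {built}  items={count_filter_items(built)}")
```

With the unsafe builder the metacharacters add a third item to the filter, while the escaped version keeps the intended two and the characters survive only as data in the uid value.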

CLARIFICATION: SolarWinds said Microsoft’s report described a threat actor attempting to log in to Serv-U using the Log4j vulnerability, but that attempt failed because Serv-U does not utilize Log4j code.

Separately, a researcher at Akamai discovered evidence in a captured binary that the Mirai botnet is trying to exploit the Log4j2 vulnerability in network devices made by Zyxel.

However, he added, the LDAP server where the exploit was hosted was no longer active when researchers attempted to download the Java payload class.

“It could be that Zyxel was specifically targeted since they published a blog stating they were impacted by the log4j vulnerability,” blog author Larry Cashdollar said. Of all its products, only the company’s NetAtlas Element Management System is vulnerable. Zyxel issued a hotfix on Dec. 20, 2021, and full patches will be available at the end of February.

“The interesting thing about this malware is if you have automated string extraction utilities for malware samples that log to a vulnerable Log4j instance, this payload could execute,” he added. “Doing so could possibly, depending on your setup, infect your malware analysis system. Again, patching your vulnerable systems is the key here to protect your servers from compromise.”

Howard Solomon