Code execution bug patched in Imunify360 Linux server security suite

A severe PHP deserialization vulnerability leading to code execution has been patched in Imunify360. 

Discovered by Cisco Talos researcher Marcin ‘Icewall’ Noga, the vulnerability “could cause a deserialization condition with controllable data and then execute arbitrary code,” leaving web servers open to hijacking. 

Tracked as CVE-2021-21956 and issued a CVSSv3 score of 8.2, the security flaw is present in CloudLinux’s Imunify360 versions 5.8 and 5.9. Imunify360 is a security suite for Linux web servers including patch management, domain blacklisting, and firewall features. 

In a security advisory published on Monday, Cisco Talos said the flaw was found in the Ai-Bolit malware scanner functionality of the software. 

The Ai-Bolit component scans website-related files, such as .php, .js, or .html content, and is installed natively as a service with root privileges. A deobfuscation class in the module fails to sanitize submitted data, so arbitrary code can be executed during unserialization. 
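The bug class described above, shown as an added PHP illustration rather than Ai-Bolit or Imunify360 code: a weak decode path beside a hardened one. The class `Probe`, the functions `decodeUnsafe`, `decodeSafe` and `containsObject`, the size and depth limits, and the sample string are all hypothetical and constructed for this example; it assumes PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for any class loaded in the scanning process.
// Its magic method runs as a side effect of unserialize().
final class Probe
{
    public static int $wakeups = 0;
    public function __wakeup(): void { self::$wakeups++; }
}

// Weak form: bytes from a scanned file reach unserialize() unchanged, so
// the file's author decides which loaded classes get instantiated.
function decodeUnsafe(string $blob)
{
    return unserialize($blob);
}

// True if the decoded value holds an object anywhere, including the
// __PHP_Incomplete_Class placeholders PHP creates for blocked classes.
function containsObject($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    return is_array($value) && count(array_filter($value, 'containsObject')) > 0;
}

// Hardened form: size cap, no class instantiation, bounded nesting,
// and rejection of any input that tried to carry an object.
function decodeSafe(string $blob, int $maxLen = 65536)
{
    if (strlen($blob) > $maxLen) {
        throw new InvalidArgumentException('serialized blob too large');
    }
    $value = @unserialize($blob, ['allowed_classes' => false, 'max_depth' => 16]);
    if (($value === false && $blob !== 'b:0;') || containsObject($value)) {
        throw new UnexpectedValueException('rejected serialized input');
    }
    return $value;
}

$sample = 'O:5:"Probe":0:{}'; // constructed sample, not taken from the advisory
decodeUnsafe($sample);
echo 'wakeups after unsafe decode: ', Probe::$wakeups, PHP_EOL;
try { decodeSafe($sample); } catch (UnexpectedValueException $e) { echo $e->getMessage(), PHP_EOL; }
echo 'wakeups after safe decode: ', Probe::$wakeups, PHP_EOL;
```

For a service that runs as root, the hardened path matters most where the input is file content the service did not create; decoding such data with a format that cannot express objects, such as JSON, removes the class-instantiation surface entirely.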

If the software is configured for real-time file system scanning, attackers could trigger an attack by creating a malicious file in the target server, or if a user is duped into performing a scan on a crafted payload file on behalf of

Read More: https://www.zdnet.com/article/code-execution-bug-patched-in-imunity360-linux-security-suite/#ftag=RSSbaffb68