
Ad Server Patched to Stop Possible Malware Distribution

Revive Adserver patches two vulnerabilities, one of which may have been used to allow hackers to deliver malware to third-party websites.

UPDATE

The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites.

Revive Adserver, formerly known as OpenX Source, is a free, open-source ad server used by publishers, advertisers, ad agencies and ad networks to run and manage online ad campaigns. Last week it urged all its customers to update to the new 4.2.0 version of its software, providing few details. The maintainers of the open-source Revive Adserver software said they can’t be sure how many users are impacted by the bug. They estimate the number of users of the open-source software at “several thousands” and declined to share numbers for the hosted version of Revive Adserver.

One of the bugs is rated critical, with a CVSS score of 10, and classified as a “deserialization of untrusted data” vulnerability. This is a type of bug that occurs when untrusted data is used to abuse the logic of an application to trigger a denial-of-service attack, or execute arbitrary code upon it being deserialized, according to the description.

“It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites,” the bulletin added.

When asked to elaborate, Erik Geurts told Threatpost on behalf of Revive Adserver’s project team:

“We’ve seen people reporting issues with their self-hosted installation of the Revive Adserver software, for example on our community forums. We’ve tried contacting many of them to get more information, but much to our disappointment we’ve never been able to get anyone to help us with a more detailed investigation of their particular issue. Based on the reports we read, we started investigating the code some time ago, and that resulted in the discovery of some lines of code that an attacker could potentially use to compromise a self-hosted installation of the Revive Adserver software. Version 4.2 of the Revive Adserver software fixes this.”

The security bulletin stated that the vulnerability was discovered in Revive Adserver’s delivery XML-RPC scripts. XML-RPC is a remote procedure call protocol that works over the internet. “Such vulnerability could be used to perform various types of attacks, e.g., exploit serialize-related PHP vulnerabilities or PHP object injection,” the description said.

The logistics of an attack include an adversary sending a specially crafted payload to the XML-RPC call script and triggering the “unserialize” call.

The second vulnerability has a much lower CVSS rating of 4.2. “A remote attacker can trick logged-in user to open a specially crafted link and have them redirected to any destination,” according to the vulnerability description.

Revive Adserver strongly advises users to upgrade to the most recent (4.2.0) version of Revive Adserver software. Alternatively, when that is not immediately feasible, the company recommended users delete the “adxmlrpc.php, www/delivery/axmlrpc.php and www/delivery/dxmlrpc.php” files.
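The interim mitigation above can be checked mechanically. The following shell functions are an added example, not code from the Revive Adserver project or the original article: one lists which of the three scripts still exist under an install root, the other counts POST requests to them per client in a web access log. The install-root argument, the common/combined log format and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check the interim mitigation and review past requests.
# Script paths exactly as the advisory text lists them, relative to the install root.
XMLRPC_FILES="adxmlrpc.php www/delivery/axmlrpc.php www/delivery/dxmlrpc.php"

# Print each listed script still present under install root $1.
# Returns 0 when none remain, 1 when at least one is still on disk.
remaining_xmlrpc_files() {
    root=$1; found=0
    for rel in $XMLRPC_FILES; do
        if [ -e "$root/$rel" ]; then
            printf '%s\n' "$root/$rel"
            found=1
        fi
    done
    return "$found"
}

# Print "count client" for POST requests to the three scripts, busiest first.
# Reads file $1 or stdin. Assumes common/combined access log format.
xmlrpc_post_summary() {
    awk -F'"' '
    {
        split($2, req, " ")                   # req[1]=method, req[2]=URI
        path = req[2]; sub(/\?.*/, "", path)  # ignore any query string
        if (req[1] == "POST" && path ~ /\/(adxmlrpc|axmlrpc|dxmlrpc)\.php$/) {
            split($1, pre, " ")               # pre[1]=client address
            hits[pre[1]]++
        }
    }
    END { for (ip in hits) print hits[ip], ip }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation-range addresses), not real traffic.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /www/delivery/axmlrpc.php HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /www/delivery/dxmlrpc.php?x=1 HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "-"
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "POST /adxmlrpc.php HTTP/1.1" 404 0 "-" "-"
EOF
}
```

Requests that show up in the summary after the files were deleted should return 404; earlier 200 responses from unfamiliar clients are the entries worth reviewing.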

The vulnerability was disclosed via the HackerOne bug bounty program, and Matteo Beccati is credited with discovering the bug.

“Unfortunately, it is a fact of life that when people run a self-hosted version of our software, or of any open source software for that matter, it is possible that their system gets compromised. In some cases, this is actually not related to software bugs at all, but due to careless management of their servers, having weak passwords, and so on,” Geurts told Threatpost.

“We’ve also noticed that many people do not take care of upgrading their installation to the most recent version, for whatever reason. The same happens with many other open source tools, like for example WordPress. While we want to avoid a ‘blame the victim’ approach, we do regret the fact that there are people still using versions of the software that are over 5 years old, on servers running entirely outdated versions of PHP for example. We can’t force anyone to upgrade,” Geurts said.
