CloudLinux AI-Bolit Eval Injection Vulnerability Allowing Root File Overwrite
Vulnerability
An eval injection vulnerability has been identified in the malware de-obfuscation routines of CloudLinux AI-Bolit, in versions prior to 32.7.4. It allows an attacker to overwrite arbitrary files as root when a crafted file is scanned. The issue arises because the de-obfuscation functions execute strings extracted from scanned files without proper filtering, so a malicious payload can invoke arbitrary PHP functions.
Impact
Exploitation of this vulnerability could lead to unauthorized file modifications with root privileges.
Remediation
Users are advised to upgrade the AI-Bolit package to version 32.7.4-1 or later. For CentOS 6, a backported fix is available as version 32.1.10-2.32.7.4. If an immediate upgrade is not possible, all types of file scans can be disabled until the patch is applied.
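A plain "is the version at least 32.7.4" comparison reports the CentOS 6 backport (32.1.10-2.32.7.4) as vulnerable, so a patch check has to handle that build separately. The script below is an added example, not vendor code. It assumes an RPM-based host, the package name ai-bolit, and that later releases of the 32.1.10 backport keep the fix.

```shell
#!/bin/sh
# Added example (not vendor code): classify an AI-Bolit VERSION-RELEASE string
# against the fixed builds named in the advisory.
FIXED_VER="32.7.4"        # versions prior to this are affected
BACKPORT_VER="32.1.10"    # CentOS 6 backport: version part
BACKPORT_REL="2.32.7.4"   # CentOS 6 backport: release part
PKG="${PKG:-ai-bolit}"    # assumed package name; override with PKG=...

# version_ge A B: true when A sorts at or after B in version order (sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# aibolit_status VERSION-RELEASE: prints "patched" or "vulnerable".
aibolit_status() {
    ver=${1%%-*}
    case $1 in
        *-*) rel=${1#*-} ;;
        *)   rel="" ;;                 # input had no release part
    esac
    rel=${rel%%.el[0-9]*}              # drop a dist tag such as ".el6"
    if version_ge "$ver" "$FIXED_VER"; then
        echo patched
    elif [ "$ver" = "$BACKPORT_VER" ] && version_ge "$rel" "$BACKPORT_REL"; then
        # Assumption: later releases of the backport keep the fix.
        echo patched
    else
        echo vulnerable
    fi
}

# check_installed: query the RPM database and classify the installed build.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$PKG") ||
        { echo "$PKG is not installed" >&2; return 2; }
    echo "$PKG $evr: $(aibolit_status "$evr")"
}

# Run as: sh check.sh --installed
if [ "${1:-}" = "--installed" ]; then
    check_installed
fi
```

A "vulnerable" result on a host that cannot be upgraded immediately is the case where the advisory's fallback of disabling file scans applies.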
