OVH / SYS Linux Dedicated Servers - Required Security Update (You May Be Affected)
Emails should have been sent to all affected users with Linux dedicated servers at OVH / SYS running the old RTMv1 software. The RTMv1 software was installed by default and is used for monitoring different aspects of your server.
OVH conveniently omitted our name, but the flaw was found by RACK911 Labs and under certain circumstances could allow a malicious user to overwrite any file on the server.
Here is the original email for anyone who didn't receive it and wants to confirm that they are using RTMv2:
As a customer with one or more dedicated SYS servers, during installation, you have the possibility to deploy the Real Time Monitoring (RTM) component developed by our teams to monitor your machines.
A security researcher has identified a minor vulnerability on the old version of the RTMv1 monitoring tool, which can be deployed on SYS Linux dedicated servers.
This vulnerability allows an non-privileged user (without access to the "root" user), but already having access to the server, to arbitrarily overwrite any file in the system, via a character string generated by RTMv1.
To our knowledge, this flaw has not yet been exploited. In addition, it is not possible for an attacker to retrieve any data.
A new version of the RTM component (RTMv2), not affected by this vulnerability, has been deployed for new Linux server installations since January 28, 2019 in Europe and since April 10, 2019 throughout all our other data centers.
Some of your services still use the old version of this component:
We strongly recommend that you upgrade to RTMv2 to protect your services. If necessary, a guide is available at the following link.
The SYS Security Team
Patrick / RACK911 Labs
https://HostingSecList.com - Security notices for the hosting community.