Articles in this section

See more

[Vulnerability] VM created with Debian 10 template from TDN may be compromised via user debianuser

Avatar
Bato Tsydenov
Updated
Follow

Applicable to:

  • SolusVM

Situation

Note: The situation is actual for the Debian 10 KVM templates downloaded from TDN earlier than Feb 3, 2021 03:30 am(UTC).

VM created with the affected templates may be compromised via user debianuser. The debianuser can run cnrig process, which is related to CryptoNight malware.

Impact

VPS compromising.

Call to Action

For new VPSes

Re-download the template on SolusVM master and slave nodes:

# wget https://templates.solusvm.com/kvm/linux-debian-10-x86_64-gen2-v2.gz -O /home/solusvm/kvm/template/linux-debian-10-x86_64-gen2-v2.gz
# wget https://templates.solusvm.com/kvm/linux-debian-10-x86_64-gen2-v1.gz -O /home/solusvm/kvm/template/linux-debian-10-x86_64-gen2-v1.gz

For existing VPSes

The best practice is to migrate the data to another VPS. If the migration is not the option remove the user debianuser, setup SSH key authentication and disable password authentication:

  1. Connect to a Debian 10 VPS via SSH
  2. Remove debianuser user:

    # deluser --remove-all-files debianuser

  3. Create SSH key pair for SSH access using this article: 
    https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54
  4. Disable PasswordAuthentication in /etc/ssh/sshd_config and restart SSH:

    # service ssh restart

  5. Double-check that you can still get in (open a new session and test it out) before you exit your active SSH session
Was this article helpful?
8 out of 16 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles