News

Leak in web interface Pi-Hole made remote code execution possible

By admin
Spread the love

A security researcher has discovered a vulnerability in Pi-Hole that allowed remote code execution. That has now been resolved. Attackers could also exploit the vulnerability from outside if they could log into the interface.

The flaw was in the way users had to enter MAC addresses in the web interface. The researcher writes that the application did not correctly validate the input. It was therefore possible to enter arbitrary code instead of a MAC address. There are some obstacles to this method, however. For example, that code may not contain capital letters, while Linux commands are case sensitive. Also, an attacker must be able to log in to the web interface in the first place. Not all Pi-Hole users have their system open to the outside.

The discoverer says he found 150 Pi-Hole machines via Shodan that were accessible from the internet. The vulnerability is in version 4.3.2 of Pi-Hole. That is the version from September 2019. Newer versions have since been released in which the leak has been fixed, after the researcher told the makers.

You might also like
News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Rumor: First Macs with M3 sockets coming in October

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting