Monday, June 18, 2012

Rackspace Cloud Servers: Security Pre-Advisory

A number of security vulnerabilities exist in the default Rackspace Cloud Servers configuration.  Rackspace was notified of these issues, and acted quickly to improve the default configuration for new servers, but existing servers may still be vulnerable.

Further details will be released in about one week (roughly June 25th).  In the meantime, it is highly recommended that administrators of servers on the Rackspace Cloud Servers platform:

  1. Ensure the root password has not been changed without your knowledge (i.e. make sure it is what you think it is),
  2. Change the root password, using the passwd command within the server itself and NOT the "Reset Root Password" option on the control panel,
  3. Make sure that remote root SSH logins are disabled (PermitRootLogin no in sshd_config), and
  4. Verify that no unauthorized remote access has occurred via the root login.

These actions, combined with Rackspace's fixes, should ensure that attackers with knowledge of the issues cannot use them to gain unauthorized access to your system.  Rackspace support may be able to assist you with performing these steps.
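
One way to check steps 3 and 4 from a shell on the server, added here as an example; it is not part of the original advisory or any Rackspace tooling. The function names, the sample sshd_config and the sample log lines are constructed for illustration, and the log parser assumes syslog-format OpenSSH entries.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.
# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so stop there.
# Prints "unset" when absent (the default then depends on the OpenSSH version).
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                      # tolerate Keyword=value
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "month day time method source" for each successful root SSH login in a
# syslog-format auth log.
root_logins() {
    awk '
        /sshd\[[0-9]*\]: Accepted / {
            for (i = 1; i <= NF; i++)
                if ($i == "Accepted" && $(i+2) == "for" && $(i+3) == "root" && $(i+4) == "from")
                    print $1, $2, $3, $(i+1), $(i+5)
        }
    ' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed config: comment ignored, first live setting ("yes") wins.
    cat > "$dir/sshd_config" <<'EOF'
# PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
    # Constructed auth log lines (documentation-range addresses).
    cat > "$dir/auth.log" <<'EOF'
Jun 17 03:12:45 web1 sshd[2211]: Failed password for root from 203.0.113.45 port 51120 ssh2
Jun 17 03:12:51 web1 sshd[2211]: Accepted password for root from 203.0.113.45 port 51122 ssh2
Jun 17 09:30:02 web1 sshd[2302]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
EOF
    echo "PermitRootLogin (effective): $(effective_permit_root_login "$dir/sshd_config")"
    echo "Successful root logins:"
    root_logins "$dir/auth.log"
    rm -rf "$dir"
}
demo
```

On a live server, point the functions at /etc/ssh/sshd_config and the system auth log (commonly /var/log/auth.log or /var/log/secure), including rotated copies. Running sshd -T as root prints the configuration sshd actually resolves and is the authoritative check for step 3.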