A critical vulnerability has been detected in one of the software libraries used by DHIS 2. This vulnerability allows an attacker to run remote commands on the server as the user running Tomcat/DHIS 2.
We have patched all DHIS 2 versions from 2.21 to 2.26 / master. You can find new WAR file builds here:
We strongly recommend all DHIS 2 server admins to upgrade immediately to a patched version.
Keep in mind that your server might already be compromised. As a result one should look for suspicious activity on the server (bandwidth usage, tmp folders, etc). If you run Tomcat as a user with sudo privileges (not recommended) this means that your server might be fully compromised. To be on the absolute safe side it might be necessary to do a full wipe and re-install of your server environment.
Following this announcement by Lars back in March it is really
troubling to report that we are still hearing of servers being hacked
as a result of this vulnerability. The most recent case was brought to my
attention just over a week ago (a Tomcat server running as root with a
DHIS 2 WAR file from Nov 2016). The server was collecting tracker
demographic data on patients and was cracked "wide open".
Please do ensure that you respond to these warnings responsibly.
Apologies for cross-posting.
Regards
Bob
On 13 March 2017 at 18:10, Lars Helge Øverland <lars@dhis2.org> wrote:
Hi all,
a critical vulnerability has been detected in one of the software libraries
used by DHIS 2. This vulnerability allows an attacker to run remote commands
on the server as the user running Tomcat/DHIS 2.
We have patched all DHIS 2 versions from 2.21 to 2.26 / master. You can find
new WAR file builds here:
We strongly recommend all DHIS 2 server admins to upgrade immediately to a
patched version.
Keep in mind that your server might already be compromised. As a result one
should look for suspicious activity on the server (bandwidth usage, tmp
folders, etc). If you run Tomcat as a user with sudo privileges (not
recommended) this means that your server might be fully compromised. To be
on the absolute safe side it might be necessary to do a full wipe and
re-install of your server environment.
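
The checks the announcement asks for (which account runs Tomcat, whether it has sudo rights, and what has recently appeared in tmp folders) can be scripted. The following is an added example, not part of the original thread or of DHIS 2; the sample process listing, the account name `dhis` and the function names are constructed, and group membership (`sudo`/`wheel`/`admin`) is assumed as a proxy for sudo rights.

```shell
#!/bin/sh
# Added example (not from the DHIS 2 advisory): post-advisory triage helpers.

# Constructed sample of `ps -eo user=,args=` output, for an offline demo.
SAMPLE_PS='root     /usr/sbin/sshd -D
dhis     /usr/bin/java -Dcatalina.base=/home/dhis/tomcat org.apache.catalina.startup.Bootstrap start
postgres /usr/lib/postgresql/bin/postgres -D /var/lib/postgresql/data'

# Print the unique users that own a Tomcat JVM (matched by Tomcat's main class).
tomcat_users() {
  awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $1 }' | sort -u
}

# Rate an account from its name ($1) and group list ($2, as printed by `id -nG`).
# Assumption: membership of sudo/wheel/admin stands in for sudo rights;
# sudoers can also grant rights per user, so review that file as well.
classify_account() {
  if [ "$1" = "root" ]; then echo "CRITICAL"; return 0; fi
  case " $2 " in
    *" sudo "*|*" wheel "*|*" admin "*) echo "HIGH" ;;
    *) echo "OK" ;;
  esac
}

# List regular files under directory $1 modified within the last $2 days.
recent_files() {
  find "$1" -xdev -type f -mtime "-$2" 2>/dev/null | sort
}

# Rate every Tomcat user in a ps listing read from stdin.
# $1 = "live": look groups up with id; otherwise $2 is a constructed group list.
report() {
  tomcat_users | while read -r u; do
    if [ "${1:-}" = "live" ]; then g=$(id -nG "$u" 2>/dev/null); else g="${2:-}"; fi
    echo "$u $(classify_account "$u" "$g")"
  done
}

if [ "${1:-}" = "--live" ]; then
  ps -eo user=,args= | report live
  for d in /tmp /var/tmp; do recent_files "$d" 7; done
else
  # Offline demo on the constructed sample, with a constructed group list.
  printf '%s\n' "$SAMPLE_PS" | report sample "dhis sudo"
fi
```

Run with `--live` on the server to rate the real Tomcat account and list files changed in `/tmp` and `/var/tmp` during the last 7 days; a `CRITICAL` or `HIGH` rating corresponds to the "fully compromised" case described in the announcement.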