testuser
By:
testuser

security email from digital ocean - what setps i need to follow ?

September 19, 2017 362 views
Security Ubuntu Ubuntu 16.04

I got below email from digital ocean. we created many droplets in digital ocean. so is the below email indicates any of the droplet if attacked ? what i need to do now ?

Hi there,

< TLDR: A long-standing vulnerability has been identified which affects some 1-Clicks running MySQL. We strongly recommend that you run this script to see if your Droplet is impacted and update your credentials if necessary. > If you changed your debian-sys-maint MySQL user credentials upon install, you are not impacted by the vulnerability and no action is required.

Here are the 1-Clicks impacted and potentially remotely exploitable unless you have taken action to change the debian-sys-maint password:
MySQL and PHPMyAdmin
LAMP, LEMP
WordPress
OwnCloud
We will be issuing a public notice regarding this issue, but first wanted to ensure our impacted users had time to take action. As part of our verification process, we have discovered that images on other cloud providers also have this mis-configuration. Please consider updating any instances you have there as well; you can use the script we’ve created (it works on Debian and Ubuntu MySQL/MariaDB installations).

We have changed our 1-Clicks to ensure that all future Droplets will have unique, auto-generated passwords for this user.

If you have any questions, please contact our support team.

Thanks,
DigitalOcean

1 comment
Be the first one to answer this question.