CVE-2023-32550
📋 TL;DR
CVE-2023-32550 exposes sensitive system information through Landscape's server-status page, including GET requests that could enable attackers to gather intelligence for further attacks against the Landscape API. This affects systems running vulnerable versions of Landscape with the server-status page accessible. The vulnerability allows information disclosure that could facilitate subsequent exploitation.
💻 Affected Systems
- Landscape
📦 What is this software?
Landscape by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain sensitive system information and API details, enabling complete system compromise through follow-up attacks on exposed API endpoints.
Likely Case
Information leakage provides attackers with reconnaissance data about system configuration, potentially leading to targeted attacks against the Landscape API.
If Mitigated
Limited information exposure with no direct path to system compromise, though some reconnaissance data may still be available.
🎯 Exploit Status
Exploitation requires access to the server-status page but is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Landscape updates for specific version
Vendor Advisory: https://bugs.launchpad.net/landscape/+bug/1929037
Restart Required: Yes
Instructions:
1. Update Landscape to the latest patched version. 2. Restart Landscape services. 3. Verify the server-status page no longer exposes sensitive information.
🔧 Temporary Workarounds
Disable server-status page
linuxPrevent access to the server-status page that exposes sensitive information
# Configure Landscape to disable server-status page access
# Edit Landscape configuration to restrict /server-status endpoint
Network access control
linuxRestrict network access to Landscape server-status page
# Use firewall rules to block access to Landscape server-status port
sudo ufw deny from any to any port <landscape-port>
# Or use iptables: sudo iptables -A INPUT -p tcp --dport <landscape-port> -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Landscape systems
- Deploy web application firewall (WAF) rules to block access to /server-status endpoints
🔍 How to Verify
Check if Vulnerable:
Attempt to access the Landscape server-status page (typically at http://<landscape-server>/server-status) and check if sensitive system information or API details are exposed.Check Version:
landscape-client --version or check Landscape package version via package managerVerify Fix Applied:
After patching, verify that accessing the server-status page no longer returns sensitive information or returns an access denied/not found response.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /server-status endpoint
- Multiple failed authentication attempts following server-status access
Network Indicators:
- External IP addresses accessing Landscape server-status page
- Unusual traffic patterns to Landscape API following server-status access
SIEM Query:
source="landscape" AND (url="/server-status" OR url CONTAINS "server-status")