Feb 03 2024

HACKING DEBIAN, UBUNTU, REDHAT& FEDORA SERVERS USING A SINGLE VULNERABILITY IN 2024

Category: Hacking,Linux Security,Security vulnerabilitiesdisc7 @ 11:47 am
Hacking Debian, Ubuntu, Redhat& Fedora servers using a single vulnerability in 2024

The recent discovery of a significant flaw in the GNU C Library (glibc), a fundamental component of major Linux distributions, has raised serious security concerns. This flaw grants attackers root access, posing a critical threat to the security of Linux systems.

  • Vulnerability in GNU C Library (glibc): The GNU C Library, commonly known as glibc, is an essential part of Linux distributions. It provides the core libraries for the system, including those used for file handling, mathematical computations, and system calls.
  • Root Access Granted: The flaw discovered in glibc allows attackers to gain full root access to Linux machines. Root access means having complete control over the system, enabling an attacker to perform any action, including installing software, accessing all files, and modifying system configurations.

CVE ID: CVE-2023-6246

  • Description: This vulnerability is related to a dynamic memory buffer overflow and is classified as a Local Privilege Escalation (LPE) issue. It was found in glibc’s __vsyslog_internal() function, which is called by the widely-used syslog and vsyslog functions.
  • Impact: The flaw allows unprivileged attackers to gain root access on various major Linux distributions in their default configurations. This level of access can enable attackers to take complete control over the affected system.
  • Severity: Given its potential for granting root access, this vulnerability is considered highly severe.

HOW THE FLAW WORKS

  • Local Privilege Escalation: The vulnerability is a local privilege escalation (LPE) issue. This means that an attacker who already has access to the system (even with limited privileges) can exploit this flaw to gain root-level access.
  • Exploitation Requirements: To exploit this flaw, attackers need a Set-User-ID (SUID) binary. SUID is a special type of file permission that allows users to execute a program with the permissions of the file owner, which in many cases is the root user.

IMPACT AND SEVERITY

  • Widespread Impact: Given the ubiquitous use of glibc in Linux distributions, the impact of this vulnerability is widespread, affecting a vast number of systems and applications.
  • High Severity: The flaw is considered high severity due to its potential to grant attackers complete control over the affected systems.

MITIGATION AND RESPONSE

  • Disabling SUID Binaries: One suggested mitigation is to disable SUID binaries using “no new privileges” mode, which can be implemented with tools like systemd or bwrap.
  • Patch and Update: Users and administrators are urged to apply patches and updates provided by their Linux distribution as soon as they become available. Staying updated is crucial in preventing the exploitation of this vulnerability.
Hacking Debian 12, 13, Ubuntu 22.04, 23.04 & Fedora 37, 38 servers using a single vulnerability

The discovery of the glibc flaw that grants root access to major Linux distributions is a stark reminder of the importance of system security and the need for constant vigilance. Users and administrators must take immediate action to mitigate the risk by applying patches and employing security best practices. As Linux continues to be a backbone for many systems and networks, ensuring its security is paramount for the integrity of countless applications and services.

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: HACKING DEBIAN, REDHAT& FEDORA, UBUNTU

Jul 28 2023

VERSIONS OF UBUNTU PRIOR TO 23.04 CAN BE HACKED THANKS TO THESE 2 SEVERE SECURITY FLAWS

Category: Hacking,Linux Securitydisc7 @ 9:43 am
Versions of Ubuntu prior to 23.04 can be hacked thanks to these 2 severe security flaws

Two vulnerabilities in the Linux operating system Ubuntu have been found by researchers. Both of these vulnerabilities have the ability to offer attackers elevated privileges.There have been indications that a vulnerability that allows for an increase in privilege may be detected in the OverlayFS module of Ubuntu operating systems.

A Linux filesystem known as OverlayFS has seen significant adoption in the container industry. OverlayFS makes it possible to deploy dynamic filesystems while maintaining compatibility with pre-built images.

CVE-2023-23629

When invoking the ovl_do_setxattr function on Ubuntu kernels, the ovl_copy_up_meta_inode_data module has the potential to bypass permission checks. This vulnerability occurs as a result. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

CVE-2023-2640

There is a flaw in Ubuntu known as SAUCE: overlayfs bypass permission checks for trusted that leads to this vulnerability.overlayfs. * xattrs. * xattrs.

This vulnerability may be exploited by an attacker who does not have rights by establishing privileged extended attributes on the mounted files and then setting them on the other files without necessary checks being performed. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

The Ubuntu Patch from 2018 is in Conflict with the Linux Kernel Project from 2019 and 2022.

Since the OverlayFS module may be used by non-privileged users via user namespaces, it is a perfect candidate for local privilege escalation. In 2018, Ubuntu released patches that addressed these security flaws.

Despite this, researchers working for Wix discovered that the Linux Kernel Project released many new versions in the years 2019 and 2022.

There was a problem between the older patches and the most recent version as a direct consequence of the changes that were made to the OverlayFS module.

These exploits are already accessible to the public in their exploitable forms. It is strongly advised that anyone using Ubuntu versions earlier than 23.04 update to the most recent release in order to prevent these vulnerabilities from being exploited. On the other hand, the majority of cloud security providers (CSPs) have been using insecure versions of the Ubuntu Operating System as their default system.

Researchers believe that around forty percent of computers running Ubuntu might have been affected by the issue, making the anticipated scope a large one. According to Canonical, the business that is responsible for Ubuntu and also operates for profit, the desktop version of the software was installed more than 20 million times in 2017. Ubuntu has issued a security alert that addresses many vulnerabilities and gives credit to the researchers who discovered them.

Mastering Linux Security and Hardening: Protect your Linux systems from intruders, malware attacks, and other cyber threats

InfoSec books | InfoSec tools | InfoSec services

Tags: Mastering Linux Security and Hardening, UBUNTU