Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs. Understanding and mitigating the vulnerabilities in the Linux kernel is essential in safeguarding you...
Imagine your most sensitive and critical information being made accessible to threat actors without your permission or knowledge. This is exactly what a new information disclosure flaw discovered in the Linux kernel up to 5.17 could result in. As a Linux admin, staying up-to-date on vulnerabilities like this one is crucial to keeping your critical systems and confidential data secure. To help you understand and protect against this kernel bug, we'll explore its implications for security practitioners and the long-term consequences it may bring. We'll also explain how to secure your systems against this dangerous kernel flaw.
Four significant vulnerabilities have been discovered in the GNU C Library (glibc), a fundamental component of most Linux distributions. These vulnerabilities pose a significant risk to millions of Linux systems, as they can allow attackers to gain full root access and execute remote code on affected systems.
Vulnerabilities in the Linux kernel are an unfortunate reality of open-source software, as no code is ever perfect. While the open-source community overall does an excellent job finding and patching bugs, zero days will occasionally slip through. Recently, security researchers discovered yet another local privilege escalation vulnerability that impacts all versions of the Linux kernel.
Vulnerabilities have been discovered in Bluetooth technology that affect various operating systems. As Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of these vulnerabilities and the impact they may have on our work. Let's have a closer look at these flaws, how they work, their impact on Linux users, and how to mitigate your risk.
In the wake of the infamous “Terrapin vulnerability,” which allows a man-in-the-middle (MITM) attacker to access impacted users’ sensitive information in transit, Debian and Ubuntu have released security updates addressing five OpenSSH flaws. Let's explore the intricacies of these vulnerabilities, how they work, and recommended measures to fortify your OpenSSH environment.
Researchers recently uncovered a sophisticated attack dubbed Terrapin that takes advantage of a weakness in the SSH protocol to gain access to servers. The attack targets a specific implementation issue in OpenSSH 7.2 through 8.8 that allows remote code execution. By sending carefully crafted data, attackers can overflow the stack buffer and execute commands, leading to complete server compromise.
Ansible is a widely used open-source configuration management and automation tool popular among Linux system administrators. A vulnerability recently disclosed in Ansible could allow attackers to access sensitive information on servers Ansible manages. This is a serious issue that Linux admins and IT teams need to take action on.
It was discovered that the HAProxy load balancing reverse proxy incorrectly handled URI components containing the hash character (CVE-2023-45539). This vulnerability is very straightforward for a remote attacker to exploit and severely threatens impacted users’ sensitive information, making it among the worst bugs we’ve seen in a while!
A severe use-after-free vulnerability has been found in Chromium (CVE-2023-5472), which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability, which Chromium has rated as “high-severity”, is related to a bug in the webRTC (Real-time Communication) functionality.
A newly discovered vulnerability in Bluetooth affects Android, Apple, and Linux devices and could be used to inject keystrokes into devices using a man-in-the-middle attack.
LockBit ransomware is exploiting a critical Citrix bleed vulnerability to break into enterprise networks. The malware spreads via infected USB sticks and allows hackers to steal data and install more malware.
Several vulnerabilities have been found in the widely used Xorg X server, the most severe being an out-of-bounds write flaw due to an incorrect calculation of a buffer offset (CVE-2023-5367). Due to how easy this vulnerability is to exploit and its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 7.8 out of 10 (“High” severity).
The Curl application is a tool many software programs use to transmit various types of data to and from servers. It's essentially a workhorse allowing the other programs on your computer to communicate with the internet in a standard and efficient manner.
Uncontrolled Recursion has been discovered in pdfinfo and pdftops in version 0.89.0 of the Poppler PDF rendering library (CVE-2020-23804). This severe stack overflow vulnerability, which has received a National Vulnerability Database base score of 7.5 out of 10, significantly threatens the availability of impacted systems.
A severe, remotely exploitable Type Confusion vulnerability has been found in Chromium (CVE-2023-5346). Due to its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 8.8 out of 10 (“High” severity).
A notorious buffer overflow vulnerability dubbed “Looney Tunables” was recently found in the GNU C Library. This severe bug exists in the glibc dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This vulnerability was introduced in April 2021 and poses a significant threat to systems with default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.
Three critical security vulnerabilities have been discovered in the widely-used Exim open-source email transfer agent, including a NTLM challenge out-of-bounds read information disclosure bug (CVE-2023-42114), a AUTH out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115), and a SMTP challenge stack-based buffer overflow RCE flaw (CVE-2023-42116).
Several significant security issues were fixed in Node.js, including two critical vulnerabilities that have received a National Vulnerability Database base score of 9.8 out of 10. CVE-2019-15605 is an HTTP request smuggling bug in Node.js 10, 12, and 13 that causes malicious payload delivery when transfer-encoding is malformed, and CVE-2019-15606 is an authorization bypass issue in Nodejs 10, 12, and 13.
A critical zero-day vulnerability that has been exploited in the wild was discovered in Firefox and Thunderbird. This severe bug, CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format.
