skout-blog

Cybersecurity Threat Advisory 0056-21: Root Access by Way of Linux Kernel Bug

Threat Update

Qualys’ research team has discovered a pair of vulnerabilities in the Linux operating system. While one is a local privilege escalation (LPE) vulnerability, the other vulnerability is a stack exhaustion denial-of-service (DOS) vulnerability in the system. Both of these can be exploited by an unprivileged user. Both vulnerabilities affect an integral part of the Linux operating system, which increases the need for remediation. A patch has been released for both vulnerabilities and should be immediately applied.

Technical Detail & Additional Information

WHAT IS THE THREAT?

As previously stated, the LPE and the stack exhaustion vulnerability can be exploited by an unauthorized user. The local privilege escalation vulnerability located in the file system layer of Linux affects a multitude of Linux distributions, i.e. Ubuntu 21.04, Debian 11, and more. Researchers were able to successfully exploit the vulnerability to obtain full root privileges on a default installation by way of an integer overflow. The integer overflow is caused by a size_t to int type conversion creating a variable type too small to hold. The LPE vulnerability, if exploited, allows unprivileged attackers to gain root privileges in default configurations of the filesystem layer. On the other hand, the stack exhaustion vulnerability affects systemd in that once the mountpoint exceeds about 8MB the system crashes and denial of service ensues.

WHY IS IT NOTEWORTHY?

Without prompt remediation, these vulnerabilities can wreak havoc on one’s system. The local privilege escalation vulnerability affects the filesystem layer of Linux, which is where Linux typically operates utilizing the filesystem for “user” or “ls” command, user data, etc. Therefore, this vulnerability does not only affect the default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation but also other Linux distributions. These other distributions are also vulnerable and most likely exploitable. The stack exhaustion DOS vulnerability affects systemd, a software suite in most Linux-based operating systems that provides a system and service manager that runs as PID 1 and starts the rest of the system, according to Qualys. Both systemd and filesystem layer play a vital role in the Linux OS, and remediations should be taken seriously.

WHAT IS THE EXPOSURE OR RISK?

When an LPE is exploited, the threat actor has gained root access to the system which will allow them to alter and delete data as well as install malware on the system. As for the stack exhaustion DOS vulnerability, the attack is meant to crash the OS causing a kernel panic. This can be used as a means to distract the users from realizing that another attack that might be in progress.

WHAT ARE THE RECOMMENDATIONS?

SKOUT Recommends:

  • Update and patch Linux operating systems immediately.
  • Always change the default credentials and use a strong password.
  • Run quarterly scans on your device to ensure there is no malicious activity as well for vulnerabilities.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.