Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.
This week we’re going to talk about the latest attacks, vulnerabilities and threats discovered in the last few months.
1. Have you heard about “Dirty Pipe”? Also known as CVE-2022-0847, it’s a vulnerability in the Linux kernel, used in many ways: to add SSH keys to the root user account; to start a cron job that runs as a backdoor; to hijack an SUID binary to create a root shell; to allow untrusted users to overwrite data in read-only files; and more. Dirty Pipe is particularly severe in the context of Android devices. This vulnerability appeared in version 5.8 and was fixed in versions 5.16.11, 5.15.25, and 5.10.102 of the Linux kernel.
2. Have you heard about “Symbiote”? It’s a relatively new kind of malware: instead of being a standalone executable, it is a library loaded into all running processes using
LD_PRELOAD. It also uses a relatively novel vector of attack: Berkeley Packet Filters, or BPF, previously used by other malware such as BPFDoor (revealed in May) and Bvp47 (last year).
3. Have you heard about “PwnKit”? Also known as CVE-2021-4034, it allows attackers to execute commands as another user, potentially granting them administrative rights on the target machine. And yes, there exists evidence of active exploitation of this vulnerability in the wild.
4. Have you heard about “PACMAN”? No, not the game, but the hardware attack on the Apple M1 CPU. This vulnerability, discovered by researchers at MIT, does not require physical access to the machine. Don’t worry, though; on its own, it can’t be used to compromise a system. Sadly, being a hardware issue, it cannot be patched through software, although its effects can be foreseen and mitigated via software patches.
5. Have you heard about “Hertzbleed”? Also known as CVE-2022-23823, it affects AMD and Intel processors via a feature called frequency scaling, and may allow authenticated attackers to execute a timing attack, and to potentially enable information disclosure. The full source code of the experiments is available on GitHub.
Have your systems been a victim of any of these vulnerabilities? Have you set up any protection measures lately? Would you like to share any other attack vector with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.
PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.
PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.
PS3: check out our previous VSHN.timer editions about Security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, #117, #128, and #142.