The importance of patch management after serious Linux vulnerabilities

  • The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones, with an ever-growing desktop user base as well.
  • The bug known as Dirty Cow (CVE-2016-5195) is named after the “copy-on-write” mechanism it abuses and falls within the class of vulnerabilities known as privilege escalation. It allows a local attacker to effectively take control of the system.
  • Patch management should be a core consideration for all IT systems, whether they are servers or workstations, and of course regardless of the operating systems used.
Serious Linux vulnerabilities

In recent news there have been a number of serious vulnerabilities found in various Linux systems. Whilst OS vulnerabilities are a common occurrence, it’s the nature of these particular ones that has garnered so much interest.

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones, with an ever-growing desktop user base as well.

Open-source software is typically considered to increase the security of an operating system, since anyone can read, re-use and suggest modifications to the source code – part of the idea being that many people involved would increase the chances of someone finding and hopefully fixing any bugs.

With that in mind, let’s turn our sights on the bug known as Dirty Cow (CVE-2016-5195), disclosed in October. It is named after the kernel’s “copy-on-write” mechanism: a race condition in the handling of private, read-only memory mappings lets an unprivileged local user write to files they are only allowed to read (a setuid root binary, for example), which places it in the class of vulnerabilities known as privilege escalation. An attacker who already has a low-privileged foothold can use it to effectively take control of the system.

What makes this particular vulnerability so concerning isn’t the fact that it’s a privilege escalation bug, but rather that it was introduced into the kernel around nine years ago. Phil Oester discovered it by capturing an exploit that was already being used in the wild, and further proof-of-concept exploits appeared within days of the disclosure. This means that a reliable means of exploitation is readily available, and because of the bug’s age it applies to millions of systems.

Whilst Red Hat, Debian and Ubuntu have already released patches, millions of other devices are still vulnerable. Worse still, embedded versions of the operating system and older Android devices are often difficult to update, or may never receive an update at all, leaving them exposed indefinitely.

Next, let’s have a look at a more recent vulnerability, found in the Cryptsetup initramfs scripts (CVE-2016-4484) used to unlock encrypted partitions on Linux at boot using LUKS (Linux Unified Key Setup). It allows an attacker to obtain a root shell in the initramfs on affected systems. From there, depending on the system in question, it could be used for a number of exploitation strategies according to the researchers who discovered the bug, Hector Marco and Ismael Ripoll, namely:

  • Privilege escalation, if the boot partition is not encrypted:
    • The shell can be used to store an executable file with the “SetUID” bit enabled, which a local user can later run to escalate privileges.
    • If the boot process is not protected (for example by Secure Boot), it is possible to replace the kernel and the initrd image.
  • Information disclosure: it is possible to access all the disks. Although the system partition is encrypted, it can be copied to an external device and brute-forced later. Obviously, any non-encrypted information on other devices is directly accessible.
  • Denial of service: the attacker can delete the information on all the disks, causing downtime of the system in question.

Many believe the severity and likely impact of this vulnerability have been exaggerated, since exploiting it requires physical access or a remote console (which many cloud platforms provide these days). What makes it so interesting is just how it is exploited.

All you need to do is hold down the Enter key at the LUKS password prompt until a shell appears, roughly 70 seconds later. The vulnerability results from incorrect handling of password retries: once the maximum number of attempts (3 by default) has been exhausted, the boot script does not halt but falls through to the initramfs rescue shell, which runs as root.

The researchers also made several notes regarding physical access and explained why this and similar vulnerabilities remain of concern. It’s generally accepted that once an attacker has physical access to a computer, it’s pwned. However, they highlighted that with the range of devices in use today there are several levels of what can be called physical access, namely:

  • Access to components within a computer, where an attacker can remove, replace or insert anything including disks, RAM, etc., as with your own computer.
  • Access to all interfaces, where an attacker can plug in any device (USB, Ethernet, FireWire, etc.), such as computers used in public facilities like libraries and internet cafés.
  • Access to front interfaces – usually USB and the keyboard, such as systems used to print photos.
  • Access to a limited keyboard or other interface – like a smart doorbell, alarm, fridge, ATM etc.

Their point is that the risks are not limited to traditional computer systems, and that the growing trends around IoT devices will increase the potential reach of similar attacks – look no further than our last article on DDoS attacks since IoT devices like printers, IP cameras and routers have been used for some of the largest DDoS attacks ever recorded.

This brings us back around to the fact that now, more than ever, it’s of critical importance that you keep an eye on your systems and ensure any vulnerabilities are patched accordingly, and more importantly – in a timeous manner. Patch management should be a core consideration for all IT systems, whether they are servers or workstations, and of course regardless of the operating systems used.

To this end ESET formed another Technology Alliance with software vendor Flexera, which recently acquired the well-known security vendor Secunia. Through this partnership, ESET now also offers Corporate Software Inspector, one of the most popular and established patch management solutions on the market. Their 2016 review indicated that the number of vulnerabilities detected in 2015 was 16,081, which were “discovered in 2484 applications from 263 vendors”, and shows a worrying “39% increase over the course of the five-year trend and a 2% increase from 2014 to 2015.”

Keep an eye out for coming news, material and demos regarding Corporate Software Inspector, or contact us.


ICT ministers reiterate need for Africa to be involved in cyber security

ICT ministers reiterate need for Africa to be actively involved in cyber-security, cybercrime

On Thursday 23rd November, African Ministers of Communication and Information Technologies gathered in Addis Ababa for their second ordinary session of the Specialized Technical Committee on Communication and ICT (STC CICT-2) to discuss and make decisions regarding continental and regional programmes that impact Africans in the communications and ICT sectors.

The Ministerial Conference was officially opened by Mr Cheikh Bedda, Director of the Infrastructure and Energy Department, on behalf of Dr. Amani Abou-Zeid, Commissioner for Infrastructure and Energy of the African Union, under the chairmanship of H.E. Mr Modibo Arouna Touré, Minister of Digital Economy and Communication of the Republic of Mali.

Mr Bedda emphasized: “The AU Commission strongly believes that the building of Africa’s information society requires a secure and safe Cyber space, an appropriate infrastructure and efficient coordination and adequate harmonized legal and regulatory frameworks”. He went on to mention that “The AU Commission developed a Convention on Cyber legislation for the continent that adheres to the legal and regulatory requirements on electronic transactions, cyber security, and personal data protection. The Convention was adopted by AU Assembly in June 2014.”

The main topics discussed in this conference centered around the evolution of the information society in Africa and its ongoing digital transformation, namely: the intra Africa connectivity; access to broadband Internet; delivery of digital services and digital literacy of the African citizens.

“The Governance of the Internet is a concern to all of us because it is in the heart of economic, political, geopolitical stakes at the national level. For this particular reason it becomes imperative for Africa to become actively involved in the dynamics of Internet Governance, Cybersecurity, and Cybercrime” – Minister Modibo Arouna Touré, Chair of the STC on Communication and ICT


The meeting elected the following Members to the Bureau of the CCICT-2 for the next 2 years:

  • Eastern Africa: Ethiopia- Chair of the Bureau;
  • Central Africa: Congo- 1st Vice Chair of the Bureau;
  • Northern Africa: Tunisia- 2nd Vice Chair of the Bureau;
  • Southern Africa: South Africa- 3rd Vice Chair of the Bureau;
  • Western Africa: Ghana- Rapporteur of the Bureau

This second 2017 ordinary session of the Specialized Technical Committee (STC) on Communication and ICT ended on Friday November 24, 2017.


ESET Security for IoT

IoT

IoT is a phrase used often in the cyber security space, but what does it really mean? IoT stands for Internet of Things and, to put it simply, refers to any device that can be connected to the internet. This is no longer just computers or cellphones, but also smart TVs and fridges, coffee machines, headphones, speakers, wearable tech, cars and, soon enough, pretty much anything.

A more formal definition of IoT is given by TechTarget:

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

With all of these connections, IoT provides endless opportunities but also poses dangers.

These dangers include:

  • Your devices being used to spy on you using capabilities such as cameras or voice recording software
  • Devices being hacked to obtain personal information or to take over functionality of the device
  • Having multiple devices connected to the internet also opens further opportunities for a compromised device to bypass your firewall and reach other devices on your network.

To help protect your IoT devices, your home network, and even your favorite shopping or social website—ESET has enhanced the Connected Home Monitor feature within its recently released home products, available to try or upgrade to for free.

How the ESET connected home monitor addresses these dangers

The ESET connected home monitor includes IoT vulnerability detection, a router-connected smart devices test, and a catalog list of connected devices on your network.

Connected home monitor

The enhanced feature is continuously updated to detect and alert you to new devices connected to your network, as well as the latest vulnerabilities affecting your devices. If a vulnerability is found in a device, ESET will report the cause and possible steps you can make to fix it, such as changing default configurations or updating the device’s firmware from the manufacturer.

Start protecting your home today with ESET’s home security products.