Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
There is a new Linux NetFilter kernel flaw that allows unprivileged local users to escalate their privileges to root level, giving them complete control over the system. The vulnerability has been assigned the CVE-2023-32233 identifier, but its severity level has not yet been determined.
Netfilter nf_tables accepts invalid configuration updates, allowing specific scenarios in which invalid batch requests corrupt the subsystem’s internal state. In Linux-based systems, including servers and routers, Netfilter provides packet filtering and network address translation (NAT).
The vulnerability can be exploited to perform arbitrary reads and writes in the kernel memory by corrupting the system’s internal state, according to a new advisory published by researchers. They revealed on the Openwall mailing list that a proof-of-concept (PoC) exploit was created to demonstrate the exploitation of CVE-2023-32233.
The issue appears to have been reproduced against multiple Linux kernel releases, including Linux 6.3.1 (current stable). A mitigating factor for CVE-2023-32233 is that remote attackers first must establish local access to a target system to exploit it.
Other Vulnerabilities
It is not the first time a security flaw has been found in the Linux kernel. In recent years, a number of vulnerabilities have been discovered, highlighting the importance of regular security patches and updates.
For example, in 2021, cybersecurity specialists at Qualys found that the LPE security bug tracked as CVE-2021-33909 was present in the filesystem layer utilized to manage user data, a feature universally used by all important (Linux) operating systems.
Linux systems are not only attractive to malicious actors – as they enable important IT infrastructure for businesses – but they are also an easier target, as cybersecurity teams tend to focus on the Windows networks instead in their fight against cybercrime.
It is imperative to protect devices from potential threats as they become increasingly connected to the internet. You can read more about Linux patch management, in our colleague`s article.
Furthermore, remember that with automated patch management software, you can be sure that the vulnerabilities and threat actors will not interfere with your systems. Heimdal`s Patch & Asset Management may come to your help, as it is a complete, all-encompassing patch management solution that can inventory hardware and software assets, uncover historical vulnerabilities, and patch current Linux applications. Patches, updates, and hotfixes from proprietary, third-party, and OS-specific sources are all supported by the solution.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...
The Exploit Goes Public Soon
According to BleepingComputer, the researchers shared their exploit privately with the Linux kernel team to assist them in developing a fix and included a link to a detailed description of the employed exploitation techniques and the source code of the PoC.
According to the linux-distros list policy, the exploit must be published within 7 days from this advisory. In order to comply with that policy, I intend to publish both the description of exploitation techniques and also the exploit source code on Monday 15th.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube, for more cybersecurity news and topics.
