Xs xprt free что это
Перейти к содержимому

Xs xprt free что это

  • автор:

Use After Free

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

  • Access Complexity: LOW
  • AccessVector: LOCAL
  • Authentication: NONE
  • Integrity Impact: COMPLETE
  • Confidentiality Impact: COMPLETE
  • Availability Impact: COMPLETE

CWE-416 — Use After Free

Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.

Уязвимость BDU:2022-02112

Наименование уязвимости: Уязвимость реализации функции xs_xprt_free() системы удаленного вызова процедур Sun RPC (Open Network Computing Remote Procedure Call) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Описание уязвимости: Уязвимость реализации функции xs_xprt_free() системы удаленного вызова процедур Sun RPC (Open Network Computing Remote Procedure Call) ядра операционных систем Linux связана с ошибками управления состоянием. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Уязвимое ПО: Операционная система ООО «Ред Софт» РЕД ОС 7.3 | Операционная система Linux до 5.17.2 включительно | Операционная система АО “НППКТ” ОСОН ОСнова Оnyx до 2.7 |

Наименование ОС и тип аппаратной платформы: РЕД ОС 73 | Linux до 5172 включительно | ОСОН ОСнова Оnyx до 27 |
Дата выявления: 08.04.2022.
CVSS 2.0: AV:L/AC:L/Au:N/C:N/I:N/A:C
Уровень опасности уязвимости: Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,9)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,1)

Возможные меры по устранению:
Использование рекомендаций:
Обновление программного обеспечения:
Для Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a

Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Организационные меры:
– отключение сервиса sunrpc (для операционных систем Linux)
– использование антивирусных средств защиты

Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения linux до версии 5.15.86-1.osnova211 .
Статус уязвимости: Подтверждена производителем
Наличие эксплойта: Данные уточняются
Информация об устранении: Уязвимость устранена
Идентификаторы других систем описаний уязвимости: CVE-2022-28893.

How to Fix Linux Vulnerabilities

How to Fix Linux Vulnerabilities

The Linux kernel is frequently cited as the foundation of some of the most well-liked open-source projects. The kernel is crucial to the system’s stability, performance, and security because it is the OS’s main module.

Because of this, engineers must have a thorough awareness of the most frequent software bugs and Linux vulnerabilities. This not only lowers the possibility of exploits but also raises the general caliber of the program you create.

The majority of Linux Kernel problems, including SQL Injection, Uncontrolled Format String, Buffer Overflow, Integer Overflow, and OS Command Injection, are linked to these flaws.

Three main criteria influence a vulnerability’s impact or severity, regardless of the weakness that led to it. Which are:

  • Existence– The existence of a software vulnerability
  • Access- The potential for an attacker to exploit a vulnerability
  • Exploit- The potential for attackers to use particular methods or tools to exploit a vulnerability.

Hackers can infiltrate a system by taking advantage of known flaws and acquiring root access, crashing the system, or gaining memory access. We’ll go through three of the most prevalent Linux Kernel vulnerabilities in this article.

We will also explore how to identify and address these issues.

Table of Contents

Linux Vulnerabilities

How to Fix Linux Vulnerabilities

CVE-2019-11477

  • CVSS Score: 7.8
  • Affects Linux Kernels: 2.6.29 versions and above
  • Vulnerability Type: Denial of Service

CVE-2019-11477, also known as TCP SACK PANIC, is brought on by an integer overflow as the Linux networking subsystem handles TCP selective acknowledgment (SACK).

The socket buffer data structure of the kernel is broken up during the processing of TCP SACK segments. The kernel may overflow the variable containing the number of segments if it merges numerous socket buffers into one to process the SACK blocks efficiently.

By submitting specially designed SACK requests, an attacker might use this flaw to create a kernel panic. A denial of service could result from the CVE-2019-11477 vulnerability being exploited.

The fact that CVE-2019-11477 is connected to the moderately serious CVE IDs for two more vulnerabilities—CVE-2019-11478 and CVE-2019-11479—is noteworthy.

While CVE-2019-11478 is connected to TCP SACK, the latter is brought on by a bug in how Maximum Segment Size is processed (MSS).

CVE-2019-11478

Attackers can fragment the TCP retransmission queue by sending a carefully constructed series of SACKs requests due to a weakness in the Linux kernel.

An attacker might force an expensive linked-list walk for SACK requests received for the same TCP connection by taking advantage of the fragmented queue.

The CPU would have to use a lot of system resources while it tries to recreate the list.

CVE-2019-11479

This vulnerability results from a bug that lets hackers send packets with low MSS values, which uses up a lot of resources.

An attacker has the kernel divide responses into many TCP segments, each of which only contains 8 bytes of data.

Due to the increased bandwidth needed to transport the same quantity of data, greater CPU and NIC processing power usage results.

Even though the assault may be over once the attacker stops sending traffic, the system’s performance is drastically reduced, which causes a DoS for some users.

Resolving TCP SACK PANIC Vulnerabilities

You must act quickly by deactivating the vulnerable component if your system is susceptible to certain TCP SACK PANIC flaws. As an alternative, you can employ iptables to block connections whose MSS size can effectively exploit the flaw.

The second option is better because it addresses all three issues.

CVE-2017-18017

  • CVSS Score: 10.0
  • Affected Versions: Before 4.11 and 4.9x before 4.9.36
  • Vulnerability type: Denial of Service, Memory corruption

Denial-of-service problems can result from flaws in the Kernel’s handling of exceptions.

The function tcpmss mangle packet located in net/Netfilter/xt TCPMSS.c is responsible for the CVE-2017-18017 vulnerability, which enables remote hackers to launch a DoS attack.

By taking advantage of the fact that xt TCPMSS is present in iptables actions, attackers can also carry out undefined actions.

Because it specifies the MSS that is permitted for accepting TCP headers, the function net/Netfilter/xt TCPMSS.c is crucial in filtering network communication.

Given that attackers can remotely exploit the defect, the effects of this type of flaw could be serious.

CVE-2018-5390

  • CVSS Score: 7.5
  • Affected Versions: Linux Kernel 6 and Above
  • Vulnerability Type: Denial of Service

SegmentSmack, also known as CVE-2018-5390, is a moderately serious vulnerability in the Linux kernel.

It happens as a result of a bug in how the Kernel manages specifically constructed TCP packets.

By delivering altered packets during active TCP sessions, remote attackers can use this vulnerability to cause pricey calls to the TCP prune ofo queue() and TCP collapse ofo queue() functions.

Due to CPU overuse and a lack of bandwidth, the system cannot handle incoming network traffic, which ultimately results in a denial of service. Attacks employing faked IP addresses are not possible because continual two-way sessions to an open port are necessary for an attacker to maintain the DoS condition.

Resolving the SegmentSmack

The default values of the net.ipv4.ipfrag low thresh and net.ipv4.ipfrag high thresh (as well as their IPv6 counterparts) are 4MB and 3MB, respectively. You can mitigate the vulnerability in addition to installing an updated or fixed Linux Kernel by changing these values to 192kB and 256kB, respectively. As a result, the attack’s CPU saturation will significantly decrease.

CVE-2022-0435

  • CVSS Score: 9.0
  • Severity: Critical

A stack overflow vulnerability was discovered in the TIPC protocol feature of the Linux kernel when a user sent a packet containing malicious content with more domain member nodes than the 64 permitted. If a remote user has access to the TIPC network, they can exploit this weakness to crash the system or even escalate their privileges.

This vulnerability poses the greatest risk to system availability, confidentiality, and integrity.

This vulnerability poses a serious risk because it can be exploited over any network with little difficulty and with few access privileges.

CVE-2022-0492

  • CVSS Score: 7.8
  • Severity: Important

The kernel/cgroup/cgroup-v1.c function cgroup release agent written in the Linux kernel was determined to be vulnerable. Under some conditions, this weakness enables the use of the cgroups v1 release agent functionality to elevate privileges and unexpectedly overcome namespace isolation.

This vulnerability poses the greatest risk to system availability, confidentiality, and integrity.

This vulnerability carries a high risk of exposure due to its low attack complexity and minimal privilege requirements. Because it does need local network access to exploit, the overall danger is reduced.

CVE-2022-28893

  • CVSS Score: 7.2
  • Severity: Important

Through Linux kernel version 5.17.2, the SUNRPC subsystem can call xs xprt free without first checking that sockets are in the desired condition.

This vulnerability poses the greatest danger to system availability, confidentiality, and integrity.

This vulnerability carries a high risk due to the ease with which it may be exploited, which just requires local network access and low privileges, and attack complexity.

CVE-2022-0998

  • CVSS Score: 7.2
  • Severity: Important

The way a user invokes the vhost vdpa config validates function in the Linux kernel’s virtio device driver code contains an integer overflow fault. A local user might potentially elevate their privileges on the system or cause the system to crash due to this bug.

Confidentiality, integrity, and system availability are the three areas that are most at risk from this vulnerability.

This vulnerability carries a high risk due to the ease with which it may be exploited, which just requires local network access and low privileges, and attack complexity.

CVE-2022-0995

  • CVSS Score: 6.6
  • Severity: Important

The watch queue event notification subsystem of the Linux kernel was found to have an out-of-bounds (OOB) memory write bug. A local user may be able to obtain privileged access or bring about a denial of service on the system due to this flaw’s ability to overwrite portions of the kernel state.

This vulnerability poses the greatest risk to system availability and confidentiality.

This vulnerability carries a high risk due to the ease with which it may be exploited, which just requires local network access and low privileges, and attack complexity.

Protect Yourself against Linux Kernel Vulnerabilities

Continuously checking your repositories is the most efficient strategy to guard against Linux Kernel vulnerabilities and related attacks.

This makes it simpler to find weak open-source project components and to deliver timely fixes.

WhiteSource Bolt, a GitHub app that enables unlimited private and public repository scanning to identify vulnerabilities in real time, is one of the best tools for the job. When Bolt finds flaws in your code, it automatically creates a new problem in the issue tracker.

Additionally, it offers a thorough report including the CVSS rating of the vulnerability and suggested fixes.

In addition to utilizing Bolt, it’s critical to make sure your software product versions are up to date at all times. As updates frequently include patches and fixes, doing this will help you stay secure.

How vulnerabilities are fixed?

An operating system update, an application patch, or a configuration change can all be used to address vulnerabilities. Vulnerabilities discovered may affect copies of apps rather than the originals. A vulnerability can only be fixed by a patch if the application is installed.

What is vulnerability management in Linux?

With Microsoft Defender for Endpoint’s threat and vulnerability management features, businesses can efficiently find, analyze, and fix endpoint flaws to lower organizational risk. For a detailed list of supported platforms and operating systems, consult our documentation.

Is Linux OS safe?

“Linux is the safest OS since its source code is available. It can be examined by anyone to check for bugs or back doors. According to Wilkinson, “the information security community is aware of fewer exploitable security weaknesses in Linux and Unix-based operating systems.

Conclusion

These faults are to blame for most Linux Kernel issues. By taking advantage of vulnerabilities that are well known, hackers can gain root access to a system. In this article, we’ll go through three of the most common Linux Kernel vulnerabilities and explain how to spot and fix them. The CVE-2019-11478 vulnerability is linked to a problem that allows hackers to send packets with low MSS values, wasting a lot of resources. The Linux kernel separates responses into several TCP segments, each of which only holds 8 bytes of data, as a result of a defect.

CVE-2018-5390, commonly known as the SegmentSmack vulnerability, is a flaw in the Linux kernel’s handling of specially designed TCP packets that can result in denial of service attacks.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *