May 24th, 2023 |
Cybersecurity researchers have uncovered new vulnerabilities in widely used Linux components, posing a significant risk to critical infrastructure and sensitive data. These vulnerabilities have been identified as frequent targets for malicious cyber actors and have been active since as far back as 2010.
One of the vulnerabilities affects Red Hat Polkit, an essential toolkit responsible for managing the policy between privileged and unprivileged processes. This vulnerability enables attackers to bypass credential checks, leading to privilege escalation. With this exploit, unauthorized individuals can gain higher privileges, potentially compromising system security and accessing sensitive information.
Another vulnerability has been discovered within the Linux Kernel itself. This vulnerability introduces a race condition, making the behavior of the program susceptible to manipulation by attackers. By altering the timing or order of operations, malicious actors can launch denial-of-service attacks, corrupt data, or even escalate their privileges within the system.
The Reliable Datagram Sockets (RDS) protocol implementation in the Linux Kernel is also affected by a vulnerability. Exploiting improper input validation, local users can exploit this flaw to gain elevated privileges. This means that unauthorized users within the system can potentially acquire higher privileges than intended, compromising the security and confidentiality of sensitive data.
Acreto can effectively address these Linux-related vulnerabilities.
CVE-2021-3560: Acreto’s Ecosystems can address this vulnerability by providing micro-segmentation and nano-segmentation capabilities. Ecosystems can easily isolate individuals or groups of systems, limiting access only to systems that need to interoperate together. By segmenting the Linux systems and implementing access controls based on the principle of least privilege, Acreto can help prevent unauthorized bypassing of credential checks and mitigate privilege escalation.
CVE-2014-0196: To address this vulnerability in the Linux Kernel, Acreto’s Ecosystems provide isolated data flows between systems. By defining isolated data flows between vulnerable systems and other authorized Ecosystem members, Acreto can limit access to specific sources, destinations, network protocols, ports, and application protocols. This can help prevent local users from exploiting the race condition vulnerability and gaining elevated privileges.
CVE-2010-3904: For the vulnerability in the Linux Kernel’s RDS protocol implementation, by segmenting the Linux systems and defining isolated data flows, Acreto can limit access to the RDS protocol and prevent local users from exploiting the improper input validation vulnerability, thus mitigating the risk of elevated privileges.
Ecosystem Security Isolation
Ecosystems deliver a dedicated security infrastructure that can be deployed per application, use-case, project or third-party. An Ecosystem inherently limits access only to users, devices, systems and applications that need to interoperate together.
Ecosystems support any technology, on any network, anywhere in the world. These include computers, mobile devices, IoTs, Offices, Clouds, SaaS and Data Centers.
Ecosystems can be configured as:
Open → With inbound or outbound access from or to the Internet or a third-party
Closed → Fully contained with access limited to Ecosystem members
Hybrid → Where some systems have inbound or outbound Internet access while others operate fully contained.
Eliminate the Internet Attack Surface
Eliminates any and all access from the Internet while Ecosystem members can interoperate with authorized systems and applications.
Eliminate the Internal Attack Surface
Ecosystems can easily isolate individual or groups of systems on a shared network or entire networks, to limit access only to systems that need to interoperate together. This is done with
Micro-Segmentation Segmenting groups of systems on any shared network, including hostile networks or the entire network.
Nano-Segmentation Isolating an individual system, device or application to limit access only to other authorized Ecosystem members.
Isolated Data Flows
Isolated data flows can be defined between two Ecosystem members to limit access to specified sources and destinations, network protocols and ports, application protocols as well as application programs.
Encrypted Secure Scan
Secure Scan addresses a key weakness in many security tools today. 90%+ of all communications is encrypted, yet only 10% of organizations have the means to secure these communications. Encrypted Secure Scan decrypts, scans, and re-encrypts communications inline and in real-time.
Any malicious content embedded in the encrypted payload is blocked, while the clean and validated communication is delivered to its final destination.
Identity with MFA
User Authorizes access to the Ecosystem by a user’s identity, including MFA, as authenticated by the organizations’ Directory Services such as Active Directory or LDAP, as well as third-party Identity Service Providers such as Okta, Ping, Duo, and CloudJump among others.
Device Specifies a unique identity to each device to validate that a specified device that does not rely on a user to operate – such as an autonomous application or IoT, is allowed to join the Ecosystem.
Network Protocol / Port
Control the network protocol (TCP, UDP, ICMP) and Port (1-65535) any Ecosystem member can use to communicate with any other Ecosystem member or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Control the application protocol (HTTP, DNS, SMTP, SMB, etc…) any Ecosystem member can use to communicate with any other Ecosystem members or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Control the application program (MS-Exchange, Oracle, Facebook, GMail, etc…) any Ecosystem member can use to communicate with any other Ecosystem members or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Control communication based on content categories such as Adult, Gambling, Politics, Malware sites among 90+ category options.
File Type Upload / Download Controls
Control upload/download of files by type such .EXE, PDF, XLS, DOC, SCR, and MSI among hundreds of options.
Data Leak Prevention
Prevent data leaks by identifying and mitigating the upload or download of sensitive data such as:
Credit Cards Upload / Download Controls
Social Security Number Upload / Download Controls
RegEx Pattern Upload / Download Controls
After verification of network protocol, port, application protocol and application program, a deep inspection is performed on all communications. The effectiveness of this method is amplified by inline Encrypted Secure Scan. Threat prevention capabilities utilize two key methods:
Identifies and mitigates known bad exploits, malware, botnets and ransomware.
Zero-Day Behavioral Analysis
Looks for behavioral indication of threats based on how system functions react to the payload, immediately and over time.
Acreto Ecosystems are very easy to provision and deploy. There are no hardware dependencies or associated logistics.
Provisioning an Ecosystem takes 3-5 minutes. Simply provide a unique name to the Ecosystem then choose the bandwidth desired and within a few minutes your Ecosystem providing a dedicated security infrastructure is ready.
Depending on your connection options for Ecosystem members, deployment can take between 10 minutes to a few hours.
Acreto Ecosystems utilize a sustainable model without any dependency on products and their associated logistics. There are no more updates, upgrades or technology refreshes.
Different Ecosystems operate completely independently from one another. Therefore, change management impacts only members of a specified Ecosystem, not the entire organization. This simplifies the traditionally complex change management process.
Policy management also benefits from Ecosystems. Because Ecosystems are specific to a customer scenario such as an application, use-case, project or third-party, all policies apply to the scenario. Moreover, when its time for policy cleanup, when an application or use-case is retired, disabling or deleting the Ecosystem automatically prunes the policies. This has traditionally been a complex task that is at best inaccurate.
Mechanism of Attack
CVE-2021-3560 – Red Hat Polkit: Red Hat Polkit, an application-level toolkit for managing the policy between privileged and unprivileged processes, has an incorrect authorization vulnerability. Attackers can bypass credential checks for D-Bus requests, leading to privilege escalation.
CVE-2014-0196 – Linux Kernel: The Linux Kernel is susceptible to a race condition vulnerability within the n_tty_write function. Local users can exploit this flaw to cause denial-of-service or gain elevated privileges through read and write operations involving long strings.
CVE-2010-3904 – Linux Kernel: The Linux Kernel’s Reliable Datagram Sockets (RDS) protocol implementation contains an improper input validation vulnerability. Local users can exploit this flaw by crafting the sendmsg and recvmsg system calls, gaining elevated privileges.
For more details on CVEs, visit: CVE – CVE (mitre.org)
Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.