Three Linux vulnerabilities provided root access to hackers since 2006
Three Linux vulnerabilities provided root access to hackers since 2006 in the iSCSI module used for getting to shared data storage. This flaw could allow root access to any hacker with a user account.
The three vulnerabilities – CVE-2021-27363, CVE-2021-27364 and CVE-2021-27365 – were in the Linux code since 2006 going unnoticed until the researchers from GRIMM discovered them.
Adam Nichols, Software Security Principal at GRIMM said. “If you already had execution on a box, either because you have a user account on the machine, or you’ve compromised some service that doesn’t have repaired permissions, you can do whatever you want basically,”
Even though the flaw “are in code that isn’t remotely accessible, so this isn’t like a remote exploit,” said Nichols. However they can take “any existing threat that might be there. It just makes it that much worse,” he explained. “And if you have users on the system that you don’t really trust with root access it, it breaks them as well.”
The vulnerabilities have gone unnoticed for so long which having been causing some IT professionals to question the viability of Linux a bit.
These vulnerabilities are in all versions of Linux. Nichols said the kernel driver is not loaded by default but after it is loaded the iSCSI driver can be exploited.
Debian and Ubuntu “are in the same boat as Red Hat. If a specific driver packages are installed, then it’s there to be exploited,” Nichols said.
These bugs have been recently patched with these releases: 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. The older Kernels that are at End-Of-Life will not get any new patching.
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.