The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Linux Vulnerability

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
March 05, 2020Mohit Kumar
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication and data transfer between nodes, primarily used to establish internet links such as those over dial-up modems, DSL broadband connections, and Virtual Private Networks. Discovered by IOActive security researcher Ilja Van Sprundel , the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections. The vulnerability , tracked as CVE-2020-8597  with CVSS Score 9.8, can be exploited by unau

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
February 03, 2020Mohit Kumar
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments. Sudo Vulnerability (CVE-2019-18634) The newly discovered privilege escalation vulnerability, tracked as CVE-2019-18634 , in question stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26. According to Vennix, the flaw can only be exploited when the " pwfeedback " option is enabled in the sudoers configuration file, a feature that provides visua

KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files

KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files
August 07, 2019Wang Wei
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's computer—without even requiring the victim to actually open it. KDE Plasma is one of the most popular open-source widget-based desktop environment for Linux users and comes as a default desktop environment on many Linux distributions, such as Manjaro, openSUSE, Kubuntu, and PCLinuxOS. Security researcher Dominik Penner who discovered the vulnerability contacted The Hacker News, informing that there's a command injection vulnerability in KDE 4/5 Plasma desktop due to the way KDE handles .desktop and .directory files. "When a .desktop or .directory file is

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
July 25, 2019Mohit Kumar
Cybersecurity researchers have discovered a new variant of WatchBog , a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw . BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote attacker to take full control over vulnerable systems just by sending specially crafted requests over RDP protocol. Though the patches for the BlueKeep vulnerability (CVE–2019-0708) was already released by Microsoft in May this year, more than 800,000 Windows machines accessible over the Internet are still vulnerable to the critical flaw. Fortunately, even after many individuals in the security community developed working remote code exploits for BlueKeep, there is no public proof-of-concept (PoC) exploit available till the date, potentially preventing opportunistic hackers from wreaking h

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
June 10, 2019Mohit Kumar
Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim —two most popular and powerful command-line text editing applications that come pre-installed with most Linux-based operating systems. On Linux systems, Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents. Since Neovim is just an extended forked version of Vim, with better user experience, plugins and GUIs, the code execution vulnerability also resides in it. Code Execution Flaw in Vim and Neovim Razmjou discovered a flaw in the way Vim editor handles "modelines," a feature that's enabled-by-default to automatically find and apply a set of custom pref

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019Swati Khandelwal
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a remote, man-in-the middle attacker to compromise Linux machines. The flaw, apparently, once again demonstrates that if the software download ecosystem uses HTTPS to communicate safely, such attacks can easily be mitigated at the first place. Discovered by Max Justicz, the vulnerability (CVE-2019-3462) resides in the APT package manager, a widely used utility that handles installation, update and removal of software on Debian, Ubuntu, and other Linux distributions. According to a blog post published by Justicz and details shared with The Hacker News, the APT utility doesn't properly

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command
December 06, 2018Mohit Kumar
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process. The issue, tracked as CVE-2018-19788 , impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat , Debian ,  Ubuntu , and CentOS. The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX. Where, INT_MAX is a constant in computer progra

New Privilege Escalation Flaw Affects Most Linux Distributions

New Privilege Escalation Flaw Affects Most Linux Distributions
October 26, 2018Mohit Kumar
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays. According to a blog post published by software security engineer Narendra Shinde , Xorg X server doesn't correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file—including files owned by privileged users like root. The flaw, tracked as CVE-2018-14665 , was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or vi

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
January 03, 2018Mohit Kumar
Unlike the initial reports suggested about Intel chips being vulnerable to some severe 'memory leaking' flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. Disclosed today by Google Project Zero , the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel—threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. These hardware vulnerabilities have been categorized into two attacks , named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer. Both attacks take advantage of a feature in chips known as "speculative execution," a technique used by most modern CPUs to optimize performance. "In order to improve performance, many CPUs may choose t

New Linux Malware Exploits SambaCry Flaw to Silently Backdoor NAS Devices

New Linux Malware Exploits SambaCry Flaw to Silently Backdoor NAS Devices
July 19, 2017Mohit Kumar
Remember SambaCry ? Almost two months ago, we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software, allowing a hacker to remotely take full control of a vulnerable Linux and Unix machines. We dubbed the vulnerability as SambaCry, because of its similarities to the Windows SMB vulnerability exploited by the WannaCry ransomware that wreaked havoc across the world over two months ago. Despite being patched in late May, the vulnerability is currently being leveraged by a new piece of malware to target the Internet of Things (IoT) devices, particularly Network Attached Storage (NAS) appliances, researchers at Trend Micro warned . For those unfamiliar: Samba is open-source software (re-implementation of SMB/CIFS networking protocol), which offers Linux/Unix servers with Windows-based file and print services and runs on the majority of operating systems, including Linux, UNIX, IBM System 390, and OpenVMS. Shortly after the publi

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
June 20, 2017Swati Khandelwal
Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover. Dubbed Stack Clash , the vulnerability ( CVE-2017-1000364 ) has been discovered in the way memory was being allocated on the stack for user space binaries. Exploiting Stack Clash Bug to Gain Root Access The explanation is simple: Each program uses a special memory region called the stack, which is used to store short-term data. It expands and contracts automatically during the execution of any program, depending upon the needs of that program. According to researchers at Qualys, who discovered and reported this bug, a malicious program can attempt to use more memory space than available on the stack,

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges

High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges
June 01, 2017Mohit Kumar
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo, stands for "superuser do!," is a program for Linux and UNIX operating systems that lets standard users run specific commands as a superuser (aka root user), such as adding users or performing system updates. The flaw actually resides in the way Sudo parsed "tty" information from the process status file in the proc filesystem. On Linux machines, sudo parses the /proc/[pid]/stat file in order to determine the device number of the process's tty from field 7 (tty_nr), Qualys Security explains in its advisory . Although the fields in t

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Linux Kernel Gets Patch For Years-Old Serious Vulnerability
March 16, 2017Swati Khandelwal
Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw ( CVE-2017-2636 ), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash). Positive Technologies researcher Alexander Popov discovered a race condition issue in the N_HLDC Linux kernel driver – which is responsible for dealing with High-Level Data Link Control (HDLC) data – that leads to double-free vulnerability. " Double Free " is one of the most common memory corruption bug that occurs when the application releases same memory location twice by calling the free() function on the same allocated memory. An unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of curren

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered
December 07, 2016Swati Khandelwal
A 5-year-old serious privilege-escalation vulnerability has been discovered in Linux kernel that affects almost every distro of the Linux operating system, including Redhat, and Ubuntu. Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed " Dirty COW ," was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu. Now, another Linux kernel vulnerability ( CVE-2016-8655 ) that dates back to 2011 disclosed today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel. Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities. In

This Hack Gives Linux Root Shell Just By Pressing 'ENTER' for 70 Seconds

This Hack Gives Linux Root Shell Just By Pressing 'ENTER' for 70 Seconds
November 16, 2016Swati Khandelwal
A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over encrypted Linux machine. The security issue relies due to a vulnerability ( CVE-2016-4484 ) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS), which is the standard implementation of disk encryption on a Linux-based operating system. The flaw actually is in the way the Cryptsetup utility handles password failures for the decryption process when a system boots up, which lets a user retry the password multiple times. What's even worse? Even if the user has tried up all 93 password attempts, the user is dropped to a shell (Busybox in Ubuntu) that has root privileges. In other words, if you enter a blank password 93 times – or s

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack
July 23, 2015Swati Khandelwal
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely . OpenSSH servers with keyboard-interactive authentication enabled , including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post . Exploit for the Vulnerability RELEASED  Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems. Researcher has also released a proof-of-concept exploit code, which i
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.