Sunday, December 3, 2023

Critical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). 

KSMBD is a Linux kernel server that uses the SMB3 protocol to share files over the network in kernel space. On vulnerable Linux Kernel installations, an unauthenticated, remote attacker can run any programme.

Linux Kernel ksmbd Use-After-Free RCE

Researchers Arnaud Gatignol, Quentin Minster, Florent Saudel, and Guillaume Teissier from the Thalium Team at Thales Group found the vulnerability on July 26, 2022.

The problem was made known to the public on December 22, 2022.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable”, according to the advisory published by ZDI.

According to the reports, the SMB2 TREE DISCONNECT command processing is where the exact flaw is found. 

The problem arises from the failure to validate an object’s existence before performing operations on it. By taking advantage of this flaw, an attacker might execute code within the context of the kernel.

SMB servers using Samba are unaffected, according to researcher Shir Tamari, Head of Research at Wiz IO. He also noted that SMB servers using ksmbd are vulnerable to read access, which could cause server memory to leak (similar to the vulnerability Heartbleed).

“ksmbd is new; most users still use Samba and are not affected. Basically, if you are not running SMB servers with ksmbd, enjoy your weekend.” added Tamari.

Hence, IT teams should do an environmental assessment to make sure any potential vulnerabilities are patched using the most recent Linux release.

Managed DDoS Attack Protection for Applications – Download Free Guide

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles