Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.

CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit

On Jan. 18, 2022, researchers found a heap base buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privilege to root, bypassing any Linux namespace restrictions.

Analyzing the PwnKit local privilege escalation exploit

What do Linux vulnerabilities and natural disasters have in common? Something seemingly dormant can suddenly spring to life, exposing activity beneath the surface. Several days ago, a security researcher published a high-severity vulnerability named PwnKit that impacts most major Linux distributions. The scary part? It’s existed since May of 2009. Polkit is a component for controlling privileges in Unix-like operating systems and is included by default on most major Linux distributions.

Detecting and mitigating CVE-2021-4034: "Pwnkit" local privilege escalation

A new advisory from Qualys discloses a local privilege escalation bug in SUID-set program ‘pkexec’. The flaw has been designated the CVE ID of CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders. The CVSSv3 base score is calculated to be a high 7.8 out of 10.0. The vulnerable program is a part of Polkit, which manages process privileges.

CVE-2021-4034: A Walkthrough of Pwnkit - the Latest Linux Privileges Escalation Vulnerability

Since 2009, more than 12 years ago, all major Linux distributions have been incorporating a high severity security hole that remained unnoticed until just recently. The vulnerability and exploit, dubbed “PwnKit” (CVE-2021-4034), uses the vulnerable “pkexec” tool, and allows a local user to gain root system privileges on the affected host. Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems.

Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware

Threat actors go to great lengths to hide the intentions of the malware they produce. For instance, binaries are often encrypted or packed. Typically, encrypting binaries is enough to thwart automated analysis platforms such as Cuckoo or other automated malware sandboxes. The implication is that automated detection of malicious programs might not be successful.

CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape

This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0185 and is rated as a High (7.8) severity. The flaw occurs in the Filesystem Context system when handling legacy parameters. An attacker can leverage this flaw to cause a DDoS, escape container environments, and elevate privileges.

Introducing Teleport Access Plane for Linux and Windows Hosts

We are excited to welcome Windows hosts to the Teleport Access Plane. For the past 5 years we’ve helped refine our Access Plane for Linux hosts, providing short-lived certificate-based access, RBAC and developer-friendly access to resources. As we’ve rolled Teleport to larger organizations, we found that people wanted the same convenience and security of Teleport but for Windows hosts.

A kernel of truth: Linux isn't as foolproof as we may have thought

A world without Linux is hard to imagine. Every Google search we run is accomplished on Linux-based servers. Behind the Kindle we enjoy reading, to the social media sites we spend scrolling away every day sits the Linux kernel. Would you believe your ears if I tell you the world’s top 500 supercomputers run on Linux? No wonder Linux has permeated into every aspect of the digital age, not to mention its steadily growing enterprise user base.

How to detect security threats in your systems' Linux processes

Almost all tasks within a Linux system, whether it’s an application, system daemon, or certain types of user activity, are executed by one or more processes . This means that monitoring processes is key to detecting potentially malicious activity in your systems, such as the creation of unexpected web shells or other utilities.