Archive for the ‘Linux hacking’ Category

RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

February 12th, 2019
A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux containers and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and

Posted in Amazon AWS, Cloud hosting, docker, Google Cloud, hacking news, how to hack linux, Kubernetes, linux, linux container, Linux hacking, redhat linux, SELinux, Suse Linux, Virtualization software | Comments (0)

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

January 22nd, 2019
Just in time… Some cybersecurity experts this week were arguing on Twitter in favor of not using HTTPS and suggesting that software developers rely only on signature-based package verification, just because APT on Linux does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a

Posted in APT, hacking news, linux, Linux APT, Linux hacking, Linux Vulnerability, man-in-the-middle attack, Software security, Vulnerability | Comments (0)

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

July 27th, 2017

WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ‘Imperial,’ which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems.

If you are a regular reader of THN, you must be aware that this latest revelation by the

Posted in Apple mac malware, CIA Hacking Tools, hacking computers, hacking tools, Linux hacking, Linux Rootkit, mac os rootkit, mac os x hacking, rootkit | Comments (0)

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

March 16th, 2017

Another dangerous vulnerability has been discovered in the Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu.

The latest Linux kernel flaw (CVE-2017-2636), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial

Posted in Buffer Overflow, double free vulnerability, how to hack linux, Linux hacking, Linux kernel, Linux kernel exploit, Linux Vulnerability, memory corruption vulnerability, Vulnerability | Comments (0)

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

December 7th, 2016

A 5-year-old serious privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distro of the Linux operating system, including Red Hat and Ubuntu.

Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed “Dirty COW,” was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat,

Posted in Denial of Service, hacking news, how to hack linux, Linux hacking, Linux kernel, Linux kernel exploit, linux security, Linux Vulnerability, server hacking, Vulnerability | Comments (0)

This Hack Gives Linux Root Shell Just By Pressing ‘ENTER’ for 70 Seconds

November 16th, 2016

A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds.

The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over the encrypted Linux machine.

The security issue is due to a vulnerability (CVE-2016-4484) in the

Posted in Debian linux, Denial of Service, elevation of privilege, hacking news, information disclosure, Linux exploit, Linux hacking, Linux Unified Key Setup, Linux Vulnerability | Comments (0)

Internet Traffic Hijacking Linux Flaw Affects 80% of Android Devices

August 16th, 2016

An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties’ communications.

Even the latest Android Nougat Preview is considered to be vulnerable.
The security flaw was first

Posted in hacking news, how to hack android, Linux hacking, Linux kernel, linux security, TCP protocol, Vulnerability | Comments (0)

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

February 17th, 2016

A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to attackers who could take full control of them.

Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing attackers to steal credentials, spy on users, seize control of computers, and more.
The vulnerability is similar to last year’s GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks, representing a major Internet threat.
GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware.
The recent flaw, which is indexed as CVE-2015-7547, is a stack-based buffer overflow vulnerability in glibc’s DNS client-side resolver, the component used to translate human-readable domain names, like google.com, into a network IP address.
The buffer overflow is triggered when the getaddrinfo() library function that performs domain-name lookups is in use, allowing attackers to remotely execute malicious code.

How Does the Flaw Work?

The flaw can be exploited when an affected device or app makes queries to a malicious DNS server that returns too much information in response to a lookup request, overflowing the program’s memory with attacker-controlled data.
That data then compromises the vulnerable application or device and can be used to attempt a takeover of the whole system.
It is possible to inject a domain name into server log files which, when resolved, will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.
However, an attacker needs to bypass several operating system security mechanisms – like ASLR and non-executable stack protection – in order to achieve a successful RCE attack.
Alternatively, an attacker on your network could perform man-in-the-middle (MitM) attacks and tamper with DNS replies with a view to monitoring and manipulating (injecting payloads of malicious code into) data flowing between a vulnerable device and the Internet.

Affected Software and Devices

All versions of glibc after 2.9 are vulnerable. Therefore, any software or application that connects to things on a network or the Internet and uses glibc is at risk.
The widely used SSH, sudo, and curl utilities are all known to be affected by the buffer overflow bug, and security researchers warn that the list of other affected applications or code is almost too diverse and numerous to enumerate completely.
The vulnerability could extend to nearly all major software, including:
  • Virtually all distributions of Linux.
  • Programming languages such as Python, PHP, and Ruby on Rails.
  • Many others that use Linux code to look up the numerical IP address of an Internet domain.
  • Most Bitcoin software is reportedly vulnerable, too.

Who Is Not Affected

The good news is that users of Google’s Android mobile operating system aren’t vulnerable to this flaw, as the company uses a glibc substitute known as Bionic that is not susceptible, according to a Google representative.
Additionally, a lot of embedded Linux devices, including home routers and various gadgets, are not affected by the bug because these devices use the uclibc library, which is more lightweight than the hefty glibc.
The vulnerability was first introduced in May 2008 but was reported to the glibc maintainers in July 2015.
The vulnerability was discovered independently by researchers at Google and Red Hat, who found that the vulnerability has likely not been publicly attacked.
The flaw was discovered when one of Google’s SSH apps experienced a severe error called a segmentation fault each time it attempted to contact a particular Internet address, Google’s security team reported in a blog post published Monday.

Where glibc went Wrong

Google researchers figured out that the error was due to a buffer overflow bug inside the glibc library that made malicious code execution attacks possible. The researchers then notified glibc maintainers.
Here’s what went wrong, according to the Google engineers:

“glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.”

“Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.”

Proof-of-Concept Exploit Released

Google bod Fermin J. Serna released a Proof-of-Concept (POC) exploit code on Tuesday.
With this POC code, you can verify if you are affected by this critical issue, and verify any mitigations you may wish to enact.

Patch glibc Vulnerability

Google researchers, working with security researchers at Red Hat, have released a patch to fix the programming blunder.
However, it is now up to the community behind the Linux OS and to manufacturers to roll out the patch to their affected software and devices as soon as possible.
For people running servers, fixing the issue will be a simple process of downloading and installing the patch update.
But for other users, patching the problem may not be so easy. The apps compiled with a vulnerable glibc version should be recompiled with an updated version – a process that will take time as users of affected apps have to wait for updates to become available from developers.
Meanwhile, you can help prevent exploitation of the flaw, if you aren’t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.
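The interim mitigation above is a pure size limit, so it can be checked with a few lines of packet inspection. The following is an added example, not code from the article, Google, Red Hat or glibc: a filter that applies the two thresholds stated above (1024 bytes for TCP DNS replies, 512 bytes for UDP DNS packets) to a DNS payload, using the RFC 1035 header and the 2-byte length prefix of DNS-over-TCP. The sample messages it builds for example.com are constructed test data, not captured packets.

```python
"""Size-based DNS filter modelled on the interim mitigation for CVE-2015-7547
described above: cap TCP DNS replies at 1024 bytes and drop UDP DNS packets
larger than 512 bytes.  Added example; not glibc's or the article's code.
Message layout follows the RFC 1035 wire format."""
import struct
from typing import Tuple

TCP_MAX_REPLY = 1024   # limit stated in the article for TCP replies
UDP_MAX_PACKET = 512   # limit stated in the article for UDP packets

# RFC 1035 header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (big-endian)
DNS_HEADER = struct.Struct("!HHHHHH")
QR_BIT = 0x8000        # set in FLAGS when the message is a response


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header; raise ValueError on a truncated message."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("DNS message shorter than 12-byte header")
    ident, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(msg, 0)
    return {"id": ident, "is_response": bool(flags & QR_BIT),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def check_dns(payload: bytes, transport: str) -> Tuple[str, str]:
    """Apply the article's size limits to one DNS payload.

    payload   raw UDP datagram, or a TCP DNS frame (2-byte length prefix + message)
    transport "udp" or "tcp"
    Returns (verdict, reason) where verdict is "allow" or "drop".
    """
    if transport == "udp":
        msg = payload
    elif transport == "tcp":
        if len(payload) < 2:
            return "drop", "TCP frame too short for length prefix"
        (declared,) = struct.unpack_from("!H", payload, 0)
        msg = payload[2:]
        if declared != len(msg):
            # A prefix that disagrees with the bytes actually carried is malformed;
            # the glibc bug concerned the hand-off from a fixed-size stack buffer to
            # larger replies, so be strict about reply framing here.
            return "drop", f"TCP length prefix {declared} != {len(msg)} bytes carried"
    else:
        raise ValueError("transport must be 'udp' or 'tcp'")

    try:
        hdr = parse_header(msg)
    except ValueError as exc:
        return "drop", str(exc)

    if transport == "udp" and len(payload) > UDP_MAX_PACKET:
        return "drop", f"UDP DNS packet {len(payload)} bytes > {UDP_MAX_PACKET}"
    if transport == "tcp" and hdr["is_response"] and len(msg) > TCP_MAX_REPLY:
        return "drop", f"TCP DNS reply {len(msg)} bytes > {TCP_MAX_REPLY}"

    kind = "response" if hdr["is_response"] else "query"
    return "allow", f"{kind} id={hdr['id']:#06x} ancount={hdr['ancount']} within limits"


# ---- constructed sample traffic (test data, not captured packets) ----------
QNAME = b"\x07example\x03com\x00"             # example.com in label form
QUESTION = QNAME + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def build_query(ident: int = 0x1234) -> bytes:
    """Standard recursive query for example.com A (FLAGS 0x0100 = RD)."""
    return DNS_HEADER.pack(ident, 0x0100, 1, 0, 0, 0) + QUESTION


def build_response(n_answers: int, ident: int = 0x1234) -> bytes:
    """Response carrying n_answers A records in the 203.0.113.0/24 documentation
    range; each record is 16 bytes (pointer 0xC00C to the question name, type,
    class, TTL, RDLENGTH, 4-byte address), so the message is 29 + 16*n bytes."""
    header = DNS_HEADER.pack(ident, 0x8180, 1, n_answers, 0, 0)  # QR, RD, RA set
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, i & 0xFF])
        for i in range(n_answers))
    return header + QUESTION + answers


def tcp_frame(msg: bytes) -> bytes:
    """Prepend the 2-byte length prefix that DNS-over-TCP uses."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    samples = [
        ("udp", build_response(1)),                # 45 bytes: allowed
        ("udp", build_response(40)),               # 669 bytes: over 512, dropped
        ("tcp", tcp_frame(build_response(40))),    # 669 bytes on TCP: allowed
        ("tcp", tcp_frame(build_response(70))),    # 1149 bytes: over 1024, dropped
        ("tcp", b"\x00\x10" + build_response(1)),  # bogus length prefix: dropped
    ]
    for transport, payload in samples:
        verdict, reason = check_dns(payload, transport)
        print(f"{transport:3} {len(payload):5d} bytes -> {verdict:5} ({reason})")
```

The filter is deliberately coarse, which is the point of the workaround: it does not validate answer records, it simply refuses replies large enough to exceed the 2048-byte stack buffer region the Google engineers describe, at the cost of breaking legitimate large responses (DNSSEC-signed zones, long TXT records) until the library itself is patched.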
For more in-depth information on the glibc flaw, you can read Red Hat’s blog post.

Posted in DNS hijacking, glibc, GNU C Library, Google Security, hacking news, Linux hacking, Linux OS, linux security, Programming, remote code execution, Vulnerability | Comments (0)

DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

March 10th, 2015

Security researchers have found ways to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system.

The technique, dubbed “rowhammer”, was outlined in a blog post published Monday by Google’s Project Zero security initiative

Posted in DRAM RowHammer Vulnerability, hacking news, Kernel Privilege Escalation, Linux hacking, memory bit flipping, memory hack, RAM hacking, sandbox bypass, Vulnerability, Zero-Day Vulnerability | Comments (0)

How to Detect Exploits of the GHOST Buffer Overflow Vulnerability

February 12th, 2015

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit.

Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to

Posted in AlienVault Unified Security Management, AlienVault USM, buffer overflow vulnerability, GHOST vulnerability, hacking news, Linux hacking, network security | Comments (0)