Uncategorized Archives - Page 2 of 51 - TuxCare

Monthly TuxCare Update – March 2022

Welcome to the March instalment of our monthly news round-up, brought to you by TuxCare. We’re honoured to be the Enterprise Linux industry’s trusted maintenance service provider. Our innovative live patching solutions help maximize system uptime while keeping systems secure, reducing your maintenance workload, and minimizing system disruption.

In challenging times, it is ever more essential to keep systems secure. Unfortunately, the trend for record numbers of CVEs continues with no signs of disclosure rates slowing. So in this latest monthly overview, we’ll begin as usual with a round-up of the latest CVEs that the TuxCare Team has patched for you. We’ll also bring you the latest news, advice, and valuable tips to keep your systems safe.

Contents

  1. CVEs Disclosed in March
  2. Enterprise Linux Security Video Podcasts
  3. Threat Management Automation
  4. The Role of Chief Experience Officer
  5. Ponemon Report

CVEs Disclosed in March

This month saw the disclosure of the critical vulnerability CVE-2022-0847, known as “Dirty Pipe”, which affects Linux kernels from version 5.8 upwards. This code flaw allows an unprivileged user to overwrite read-only files, including SUID files. Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of affected systems. The KernelCare Enterprise team has addressed this vulnerability, and you can find more information about it in this TuxCare blog post.

Enterprise Linux Security Video Podcasts

The TuxCare team’s Enterprise Linux Security podcast continues to offer comprehensive topical explanations for the latest hot topics and foundational concepts. Co-hosted by Learn Linux TV’s Jay LaCroix and TuxCare’s very own Joao Correia, four exciting new episodes are available this month.

In the twentieth episode, Joao and Jay discuss the concept of cloud governance and its importance for managing migration to the cloud environment to ensure a smooth transition and make sure the benefits outweigh the risks. You can view the video here: Enterprise Linux Security Episode 20 – Cloud Governance – YouTube

In the twenty-first episode, Joao and Jay discuss the recent “Dirty Pipe” vulnerability and Nvidia’s recent breach. You can view the video here: Enterprise Linux Security Episode 21 – Dirty Pipe & Nvidia’s Breach – YouTube

In the twenty-second episode, Joao and Jay discuss the foundational concepts surrounding how TLS certificates work and offer practical and invaluable advice and recommendations for implementing certificate-based encryption. You can view the video here: Enterprise Linux Security Episode 22 – Certificates – YouTube

In the twenty-third episode, Joao and Jay discuss five critical myths around cyber security that need to be challenged in light of the rapid changes required of the industry to keep pace with the threat landscape. You can view the video here: Enterprise Linux Security Episode 23 – Busting 5 IT Security Myths – YouTube

These enthralling and enlightening video podcasts are essential viewing for anyone involved in managing Linux-based enterprise systems.

Threat Management Automation

Last month we reported that CVE records were again broken in 2021, with 28,695 new vulnerabilities disclosed. Unfortunately, this year is set to continue the trend of an ever more challenging threat landscape for businesses. It has reached the stage where threat management has become an overwhelming task for some companies. System admins typically bear the brunt of the workload: managing patches, monitoring system security, and undertaking post-incident remediation work.

The risk of businesses becoming overwhelmed by the effort required is real and will simplify the attackers’ tasks. The solution is to look at automation wherever possible to reduce the load on the IT team. You can read more about this here: Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools (thehackernews.com). A live patching tool such as KernelCare Enterprise can offer an automatic, non-disruptive solution to this vulnerability management problem.

Here at TuxCare, we ensure that threat management will not become an overwhelming overhead for your resources thanks to our automation tools, providing reassurance that threat management is under control.

The Role of Chief Experience Officer

Customer experience is a recognized essential component for businesses. Still, it is often not treated with the same importance as technological or security objectives, as it is harder to define and often comes into conflict with more tangible technology objectives. Addressing this weakness has seen a trend towards creating a Chief Experience Officer (CXO) role in businesses to meet these challenges. You can read more about this subject in the following article written for Forbes Magazine by Igor Seletskiy, CEO of TuxCare: Why CXOs Have Become Influential Members Of The C-Suite (forbes.com)

Ponemon Report

TuxCare, in collaboration with Ponemon, presents the 2nd edition of The State of Enterprise Linux Security Management Report. One of the new findings shows that over 56% of organizations take more than four weeks to deploy patches for known important or critical vulnerabilities. That is unexpected for an industry where vulnerability awareness is a foundational process. Check out the report for more findings here.

Introducing the State of Enterprise Linux Security Report

As regulations around cyber security tighten and the risks increase, have you ever wondered how your company’s IT processes rank compared to others? Are you patching your systems on time, or are you one of the majority of organizations that take upwards of a month to deploy patches for known vulnerabilities?

As cyber security concerns become more prevalent and threat actors get more sophisticated, it has never been more important to be aware of the current State of Enterprise Linux Security Management. After a successful publication last year of our report on vulnerability management, TuxCare has worked with the Ponemon Institute to develop an updated version, providing a more in-depth understanding of the security risks and mitigation strategies currently in place for Enterprises. Just as the risks are global and can potentially affect every organization, sharing knowledge of how companies deal with security can provide the insights needed to develop and implement the correct strategies – or identify areas where your organization may be lacking and doesn’t even realize it.

Some of the findings were truly unexpected. In an industry where vulnerability awareness is a foundational process, and the response to such vulnerabilities is patching, it was striking to discover that over 56% of organizations take more than four weeks to deploy patches for known important or critical vulnerabilities. This would be a worrying sign at the best of times, but it is even more important to consider in the current cyber security environment. What steps can be taken to improve this situation? Leaving systems unprotected for such a long period of time invites disaster.

Also, it is remarkable that about a third of organizations are not aware that the security of cloud-hosted systems is still their responsibility. This gap can induce a false sense of security and contribute to a large proportion of systems being left in a security limbo, where the only people looking at them are the threat actors.

On a more positive note, the rise of automation is indeed moving from the headlines to the actual day-to-day activities of IT teams. The standardization and repeatability of processes that come with it is a boon that would be hard to achieve with manual operations.

For these and many other interesting aspects related to Enterprise Linux Security, be sure to check the complete report, which you can find HERE.

“Dirty Pipes” in the Kernel

A few years ago, a vulnerability dubbed “Dirty Cow” (CVE-2016-5195) was in the spotlight for a while. It was a trivially exploitable privilege escalation path that affected essentially every Linux distribution and was exploited in the wild extensively. That vulnerability abused the kernel’s Copy-On-Write (COW) mechanism and was some time later found to be remotely exploitable through web servers that allowed file uploads.

On the 7th of March of 2022, a similar vulnerability was disclosed, also affecting all recent Linux distributions, nicknamed “Dirty Pipe” (CVE-2022-0847). It lets an unprivileged user overwrite any file, or part of a file, in a Linux system, even read-only ones. Several variants have already been disclosed that allow for the replacement of SUID files.

Patches for CVE-2022-0847 will be made available through KernelCare in the coming days, and this post will be updated with availability information as each becomes ready. At this moment, vulnerable kernel versions include 5.8 and onwards, with the flawed commit having been backported to multiple 4.x versions as well.

[Update 9th March: Updates for RHEL 8 and Oracle EL 8 are now available for deployment. Further patches are being prepared for other distributions.

Update 10th March: Updates for CentOS8, Almalinux 8, Rocky Linux, Ubuntu 20.04, CloudLinux 8 and CloudLinux 7h are also completed and are going to show up on feeds.

Update 11th March: Another batch of updates released for Ubuntu 18.04, Proxmox VE5 and Proxmox VE6.]

To understand the underlying flaw behind CVE-2022-0847, it is important that we first offer some brief information regarding CVE-2016-5195. “Dirty Cow” was possible because a race condition was found in the Copy-On-Write subsystem within the kernel. As a result, an unprivileged user could write in otherwise unreachable memory locations through this flaw. This would “dirty” those memory locations, hence the name. Moving from this to an elevation of privilege is a trivial operation for any properly motivated malicious actor, and in fact, that is precisely what happened. While “Dirty Cow” started as a local-only exploit, it was soon discovered that web servers that had the option to accept uploads from users could also be used as an attack vector. Hence, the vulnerability turned out to be remotely exploitable.

Fast forward a few years, and now IT teams are faced with “Dirty Pipe”, or CVE-2022-0847 if you think nicknaming vulnerabilities is not a very professional thing to do. As the name suggests, the flaw this time lies in the pipe handling code. Pipes are used as a way to pass information between processes. The most visible way pipes are used is when chaining commands, passing the output from one to the next through a “pipe”. Note that pipes can be created directly in code rather than simply used in the shell by an end-user or script.

It turns out that code introduced in this commit to the Linux Kernel “refactored” the way pipe flags (a way to control pipe behavior) are handled. You can read the extensive process behind the discovery of this vulnerability here.

Long story short, it became possible to write user-controlled content at a user-controlled offset in any file within the system (note that, since everything in a Linux system is technically a “file”, new variants of this vulnerability may introduce new, as-of-yet unknown behaviors). Examples include introducing new content into /etc/shadow, or other, more subtle ways of manipulating a system.

Since the exploit code is trivial, it is already widely available online (while not a deterrent, we try to refrain from posting direct links to exploit code on our blog). Because pipes are a basic functionality of the Kernel, the potential risk posed by this vulnerability is very high. It is also noteworthy that several variants have already been found, where the same flaw is used to abuse other system components rather than just writing directly to otherwise unwritable files. It is not that far-fetched to imagine that remotely exploitable attack vectors will surface in the coming days, just like they appeared for “Dirty Cow” in 2016.

For a quick check, customers might want to verify the kernel version in use. Kernels before 5.8, and kernels starting with 5.16.11, 5.15.25 and 5.10.102, are not affected. Other kernel versions may depend on the specific backporting policies of each vendor and are currently being evaluated.
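As an added example (not TuxCare’s or KernelCare’s own tooling), the following POSIX shell check classifies a kernel version string against the ranges stated above; the `check-vendor` bucket for other 5.x series and the rule that 5.17 and later ship the fix are assumptions beyond what the post states.

```shell
#!/bin/sh
# Added example, not TuxCare's code: classify a kernel version against the
# CVE-2022-0847 ("Dirty Pipe") ranges given in the post. Vendor backports of
# the flawed commit to 4.x kernels are NOT detected; a 4.x result of
# "not-affected" must still be checked against the vendor's own advisory.

# version_ge A B : succeeds when dotted numeric version A >= B
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ "$ah" = "$a" ] && a="" || a=${a#*.}
        [ "$bh" = "$b" ] && b="" || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        [ "$ah" -gt "$bh" ] && return 0
        [ "$ah" -lt "$bh" ] && return 1
    done
    return 0
}

# dirty_pipe_status VERSION : prints not-affected | vulnerable | fixed | check-vendor
dirty_pipe_status() {
    # strip distro suffixes such as "-348.el8.x86_64" or "-generic"
    v=$(printf '%s' "$1" | sed 's/[-+_].*//')
    series=$(printf '%s' "$v" | cut -d. -f1,2)
    if ! version_ge "$v" 5.8; then
        echo not-affected; return 0       # flaw introduced in 5.8 (see 4.x caveat above)
    fi
    case "$series" in                     # first fixed release per stable series, from the post
        5.10) fix=5.10.102 ;;
        5.15) fix=5.15.25 ;;
        5.16) fix=5.16.11 ;;
        *)    fix="" ;;
    esac
    if [ -n "$fix" ]; then
        if version_ge "$v" "$fix"; then echo fixed; else echo vulnerable; fi
    elif version_ge "$v" 5.17; then
        echo fixed                        # assumption beyond the post: 5.17+ include the fix
    else
        echo check-vendor                 # 5.8-5.9, 5.11-5.14: depends on vendor backports
    fi
}

# Run against the given version, or the running kernel when none is supplied.
dirty_pipe_status "${1:-$(uname -r)}"
```

A vendor kernel that reports an old version string but carries a backported fix will still show as `vulnerable` here; the vendor changelog is the final word.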

Updates for RHEL 8, Oracle EL 8, CentOS8, Almalinux 8, Rocky Linux, Ubuntu 18.04, Ubuntu 20.04, Proxmox VE5, Proxmox VE6, CloudLinux 8 and CloudLinux 7h are now available for deployment through KernelCare Enterprise. Further patches are being prepared for other distributions. IT teams are strongly encouraged to patch this vulnerability as soon as possible. TuxCare’s patches for KernelCare Enterprise will be made available shortly, and this post will be updated to reflect the actual availability of these patches when each is released.

TuxCare’s KernelCare Enterprise is providing live patches for “Dirty Pipe” even when the original distribution vendor is not able to do so with their own live patching solution.

Through KernelCare Enterprise, receiving patches for this and other vulnerabilities can be done without disrupting running workloads or having to reboot systems. If you would like to know more about KernelCare Enterprise and other TuxCare products, please check here.

Key points to consider during your 7 days of KernelCare Enterprise POV

Proof of value (POV) is a key step in the buying process. It allows tech teams to test a product or service to find out whether it is fit for purpose, and a good match for the team’s needs. That’s why KernelCare offers a free seven-day period where you can test KernelCare for yourself.

It’s nonetheless a limited time period, and you need to make the best of it. In this article we outline some of the points you should think about when you try out KernelCare Enterprise in your organization.

Securing confidential research data through TuxCare live patching

The University of Zagreb’s Croatian Academic and Research Network (CARNet) faced a significant threat: like other educational institutions, its networks were under constant attack from cybercriminals. But the one obvious route to secure operations – regular patching – was difficult to perform consistently.

In this case study we examine how Mirsad Todorovac, CARNet system engineer at the University of Zagreb, discovered KernelCare Enterprise and how the product – a TuxCare service – helped the university to battle mounting cyber threats.


Monthly TuxCare Update – February 2022

Welcome to the February instalment of our monthly news round-up, brought to you by TuxCare. We’re proud to be a trusted maintenance service provider for the Enterprise Linux industry. Thanks to our live patching solutions, we help maximize system security and uptime whilst reducing your maintenance workload and minimizing system disruption.

