  • Stefan Prandl

Linux distributions are having a bad week

Linux is a widely deployed operating system. It runs basically all of your IoT devices (from your smart fridge, to your smart car, to your Android, to your Alexa), and a disproportionately large number of web services, including everything from websites to crypto wallets. Recently (as in the last week) Qualys discovered that all Linux distributions are vulnerable to a very nasty local privilege escalation bug that can be run from any privilege context. What this means is that if attackers manage to gain any foothold on a Linux device at all, they can convert that effortlessly into total control of the computer. They can become “root”, which is essentially the Linux demigod account. All files belong to it, and it can access and edit anything on the computer, install programs, delete programs, create and destroy user accounts… anything.

This may not seem particularly dangerous at first glance (I mean, they need access to a computer, right?), but what this means is that if you run web services, you are more than likely one bug away from an attacker completely taking over one of your trusted machines and turning it into a platform to dive deeper into your network. Once they have root on one machine, they can convert it from a harmless web server into a command and control platform for advanced reconnaissance and attack staging, with a straight-shot window into your network.

These Linux devices are behind firewalls (imagine your company Google Home speaker being used as the attacker’s backdoor), and they can be used to bypass your perimeter detection completely. Looking for these badly behaving compromised servers is what firebug does best, and it’s the sort of thing we can really help with.
