Linux内核AppArmor模块存在九个安全漏洞可导致权限提升

网络安全研究人员披露了Linux内核AppArmor模块中的多个安全漏洞,这些漏洞可能被非特权用户利用来绕过内核保护、提升至root权限,并破坏容器隔离保证。 这九个混淆代理漏洞被Qualys威胁研究小组(TRU)统称为CrackArmor。这家网络安全公司表示,该问题自2017年以来就存在。目前尚未为这些缺陷分配CVE标识符。 AppArmor是一个Linux安全模块,提供强制访问控制(MAC) ...
腾讯网

Linux AppArmor曝9漏洞,1260万系统面临root提权风险

全球广泛使用的 Linux 安全防护工具 AppArmor 被发现存在重大安全隐患。网络安全公司 Qualys 近期披露了影响该工具的九个漏洞,这些漏洞存在于 Ubuntu、Debian 和 SUSE 等主流 Linux 发行版默认集成的安全增强系统中。研究人员指出,这些漏洞最早可追溯至 2017 年的 v4.11 版本,目前威胁着超过 1260 万台企业系统。 "困惑代理"攻击原理剖析 要理解这 ...

Linux内核AppArmor模块发现九大安全漏洞,需紧急修复!

最近,网络安全研究人员揭示了Linux内核AppArmor模块中存在的九个安全漏洞,这些漏洞可能被非特权用户利用,进而绕过内核保护机制,提升至root权限,并破坏容器隔离的安全性。Qualys威胁研究小组(TRU)将这些漏洞统称为CrackArmor,令人震惊的是,这些问题自2017年以来就一直存在,至今尚未分配CVE标识符。
ZDNet

Nasty Linux systemd root level security bug revealed and patched

The power to grab root privileges is the ultimate evil in Unix and Linux systems. Kevin Backhouse, a member of the GitHub Security Lab, found the polkit security hole in the course of his duties. He ...
The Hacker News

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Nine CrackArmor flaws in Linux AppArmor since 2017 enable root escalation and container bypass, putting 12.6M systems at risk.
Bleeping Computer

Linux system service bug lets you get root on most modern distros

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. The polkit ...
Ars Technica

Microsoft finds Linux desktop flaw that gives root to untrusted users

Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights— the latest elevation of privileges flaw to ...
Bleeping Computer

New Linux kernel NetFilter flaw gives attackers root privileges

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. The CVE-2023-32233 ...
ZDNet

10-year-old Sudo bug lets Linux users gain root-level access

A major vulnerability impacting a large chunk of the Linux ecosystem has been patched today in Sudo, an app that allows admins to delegate limited root access to other users. For the technical details ...
Dark Reading

Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers

Two vulnerabilities in the Ubuntu implementation of a popular container-based file system allow attackers to execute code with root privileges on 40% of Ubuntu Linux cloud workloads, researchers have ...
Hackaday

Linux Fu: The Root Cause

There was a time when real system administrators just logged into Unix systems as root. But as we all know — with great power comes great responsibility. It’s too easy to do terrible things when you ...