[RITL] FW: Outreach: Linux bugs --> Crash, Root; and then vulnerable printers CVSS 8.8
Chuck Forsyth
charles.forsyth at ucr.edu
Wed Jul 21 11:01:30 PDT 2021
Forwarding for awareness.
Regards,
Chuck Forsyth
From: University of California Information Technology Policy & Security <UCITPS-L at LISTSERV.UCOP.EDU> On Behalf Of Robert Smith
Sent: Wednesday, July 21, 2021 10:54 AM
To: UCITPS-L at LISTSERV.UCOP.EDU
Subject: Outreach: Linux bugs --> Crash, Root; and then vulnerable printers CVSS 8.8
Hello ITPS,
Good late morning to you.
3 items worthy of watching/mitigating in the greater UC environment.
Item 1 - Nasty Linux systemd security bug revealed
Qualys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.
It works by enabling attackers to misuse the alloca() function in a way that would result in memory corruption. This, in turn, allows a hacker to crash systemd and hence the entire operating system. Practically speaking, this can be done by a local attacker mounting a filesystem on a very long path. This causes too much memory space to be used in the systemd stack, which results in a system crash.
Links:
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
Item 2 - New Linux kernel bug lets you get root on most modern distros (local not remote)
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices.
As discovered by Qualys researchers, the LPE security flaw tracked as CVE-2021-33909 (dubbed Sequoia) is present in the filesystem layer used to manage user data, a feature universally used by all major (Linux) operating systems.
According to Qualys' research, the vulnerability impacts all Linux kernel versions released since 2014.
Once successfully exploited on a vulnerable system, the attackers get full root privileges on default installations of many modern distributions.
"We successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation," the researchers said.
Link: https://www.bleepingcomputer.com/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/
Item 3 - Millions of Devices Affected by Vulnerability in HP, Samsung, Xerox Printer Drivers
A printer driver shipped to millions of computers since 2005 is affected by a vulnerability that can be exploited for privilege escalation, according to endpoint security company SentinelOne.
The vulnerability was initially discovered earlier this year in a driver shipped with HP printers, but a closer analysis revealed that the impacted component has also been delivered with Samsung and Xerox devices. The problematic driver was developed based on open source driver samples made available by Microsoft, but the vulnerability does not appear to exist in the original sample.
HP has listed more than 380 HP and Samsung printer models affected by the flaw. Xerox has identified a dozen printer models affected by the vulnerability.
HP and Xerox have released patches for the vulnerability, and consumers and enterprises have been advised to install them.
The security hole is tracked as CVE-2021-3438 and it has been assigned a high severity rating (CVSS score of 8.8).
Links (technical details in the 2nd link):
https://www.securityweek.com/millions-devices-affected-vulnerability-hp-samsung-xerox-printer-drivers
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
Enjoy a jocund day,
Robert Smith, CISSP
Systemwide IT Policy Director/Security Director
Information Technology Services
University of California Office of the President
(510) 587-6244 (o)
(510) 541-8103 (m)
robert.smith at ucop.edu
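The alloca() misuse behind Item 1 is worth seeing as code. The block below is a constructed illustration added to this archive page, not systemd's own source: it shows the bug class (an attacker-chosen path length sizing a stack buffer through alloca()) next to a bounded version that refuses over-long input and keeps large buffers off the stack. The path escaping (only '/' turned into '-', leading and trailing slashes dropped) and the PATH_MAX cap are simplifying assumptions for the example.

```c
#define _GNU_SOURCE
#include <alloca.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class behind CVE-2021-33910; this is
 * not systemd's code. Escaping is simplified to '/' -> '-' (assumption). */

/* Cap on the path length the hardened version accepts (assumed: PATH_MAX). */
#define PATH_CAP PATH_MAX

/* Copy src into dst with each '/' turned into '-', dropping leading and
 * trailing slashes; returns the number of characters written. */
static size_t escape_into(char *dst, const char *src, size_t n) {
    while (n && src[0] == '/') { src++; n--; }
    while (n && src[n - 1] == '/') n--;
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] == '/' ? '-' : src[i];
    dst[n] = '\0';
    return n;
}

/* Vulnerable pattern: the caller-controlled path length sizes an alloca()
 * buffer on the stack. A path of many megabytes exhausts the stack and the
 * process crashes; when that process is PID 1, the whole system goes down. */
char *escape_path_unbounded(const char *path) {
    size_t n = strlen(path);
    char *tmp = alloca(n + 1);          /* no upper bound on n */
    escape_into(tmp, path, n);
    return strdup(tmp);
}

/* Hardened pattern: reject paths longer than the cap before allocating, and
 * put anything above a small fixed buffer on the heap, never on the stack.
 * Returns NULL on rejection or allocation failure. */
char *escape_path_bounded(const char *path) {
    size_t n = strnlen(path, PATH_CAP + 1);
    if (n > PATH_CAP)
        return NULL;                    /* too long: refuse, never alloca() */
    char small[256];
    char *tmp = n < sizeof small ? small : malloc(n + 1);
    if (!tmp)
        return NULL;
    escape_into(tmp, path, n);
    char *out = strdup(tmp);
    if (tmp != small)
        free(tmp);
    return out;
}
```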