The Terrible Tuesday For Both Linux And Windows Sysadmins
A SAM-wise Travesty And A Very Long Path
There is a pair of newly discovered vulnerabilities to add to the nightmares of sysadmins everywhere, whether they run Windows or Linux infrastructure. One is an issue with the security of system passwords, while the other is an odd way to gain escalated privileges. Sadly, both are still currently exploitable.
The Windows vulnerability was discovered by a researcher looking through the current Windows 11 beta, who found that the Security Account Manager (SAM) is set to allow users to read it. Even more depressing was their discovery that the same issue exists on Windows 10. The SAM is where Windows stores password hashes for both system and user accounts, and it is something you definitely don’t want just anyone to be able to read. If the files can be read, they can be extracted and decrypted, which gives an attacker a chance to discover everything from the password used to set up Windows to a system key that will let them decrypt any and all private keys on the system.
It is caused by the Volume Shadow Copy Service, a handy tool that Windows uses to take a snapshot of the OS without locking the entire system, and which runs just about any time you run Windows Update or an MSI installer. You can see if the service is running by entering vssadmin list shadows at an elevated command prompt.
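One way to check a machine for the condition described above, written as an added example and not taken from the researcher or from Microsoft. It assumes an elevated PowerShell session, and checking the SYSTEM and SECURITY hives alongside SAM is an assumption of this example rather than something the post states.

```powershell
# Added example: audit hive-file ACLs and shadow copies (run elevated).
$hiveDir = Join-Path $env:windir 'System32\config'
$hives   = 'SAM', 'SYSTEM', 'SECURITY'   # assumption: hives checked alongside SAM

# Well-known SIDs of broad, non-administrative groups.
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Collect every Allow ACE that grants file read access to a broad group.
$findings = foreach ($name in $hives) {
    $path = Join-Path $hiveDir $name
    $acl  = Get-Acl -LiteralPath $path -ErrorAction Stop
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ($ace.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                Hive      = $path
                Group     = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Existing snapshots keep a copy of the hives as they were when taken,
# so they matter even after the live ACL has been corrected.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)

if ($findings) {
    Write-Warning 'Hive files are readable by non-administrative groups:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No broad read access found on the checked hive files.'
}
Write-Output ("Shadow copies present: {0}" -f $shadows.Count)
$shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize
```

A machine is exposed in the way the post describes when both parts report something: a broad group with read access and at least one shadow copy.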
The Linux vulnerability is recently discovered but not at all new, though to trigger it you have to do something a little odd. If you create, mount and then delete a folder whose path name exceeds 1GB in total, you can then read /proc/self/mountinfo on the system and gain full system rights. The researcher describes having to create around 1 million subdirectories to hit that 1GB mark and trigger the privilege escalation. This will currently work on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation, with more possible.
Keep an eye out for patches, hopefully more effective ones than PrintNightmare.
The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.
More Tech News From Around The Web
- Ubuntu on a phone, anyone? UBports reaches 18th stable update, but it’s still based on 16.04 @ The Register
- Nasty Linux Systemd Security Bug Revealed @ Slashdot
- Fortinet’s security appliances hit by remote code execution vulnerability @ The Register
- Samsung confirms August 11 event—here’s what to expect @ Ars Technica
- GlobalFoundries to build second chip fab next to NY HQ @ The Register
- Intel’s Mobileye Begins Testing Autonomous Vehicles In New York City @ Slashdot
- Windows 11: What we like and don’t like about Microsoft’s operating system so far @ The Register