The Terrible Tuesday For Both Linux And Windows Sysadmins

A SAM-wise Travesty And A Very Long Path

There is a pair of newly discovered vulnerabilities to add to the nightmares of sysadmins everywhere, both those running Windows and those running Linux infrastructures. One is an issue with the security of system passwords, while the other is an odd way to gain escalated privileges. Sadly, both are still currently exploitable.

The Windows vulnerability was found by a researcher looking through the current Windows 11 beta, who noticed that the Security Account Manager (SAM) is set to allow users to read it. Even more depressing was their discovery that the same issue exists on Windows 10. The SAM is where Windows stores password hashes for both system and user accounts, and is something you definitely don’t want just anyone to be able to read. If the files can be read they can be extracted and decrypted, which gives an attacker a chance to discover everything from the password used to set up Windows to a system key that will let them decrypt any and all private keys on the system.

It is caused by the Volume Shadow Copy Service, a handy tool that Windows uses to take a snapshot of the OS without locking the entire system, and which runs just about any time you run Windows Update or an MSI installer. You can see if the service is running by entering vssadmin list shadows at an elevated command prompt.
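
A defender's check for the condition described above, as an added example that is not from the original article: it reports whether low-privileged groups can read the SAM hive and whether any shadow copies exist. The SYSTEM and SECURITY hives and the well-known SIDs used here are assumptions not stated in the article.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.
# Assumption: SYSTEM and SECURITY sit beside SAM and are audited the same way.
$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'

# Well-known SIDs, used instead of names so the check works on localized Windows.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$sidType  = [System.Security.Principal.SecurityIdentifier]
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($name in $hives) {
    $path  = Join-Path $configDir $name
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $sid     = $rule.IdentityReference.Value
        $canRead = ([int]$rule.FileSystemRights -band $readData) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($sid) -and $canRead) {
            [pscustomobject]@{ Hive = $path; Group = $lowPriv[$sid]; Rights = $rule.FileSystemRights }
        }
    }
}

# Existing snapshots keep the ACL that was in place when they were taken.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

if ($findings) {
    Write-Warning 'Registry hive files are readable by non-administrators:'
    $findings | Format-Table -AutoSize
    Write-Warning ("{0} shadow copies present (see: vssadmin list shadows)" -f $shadows.Count)
} else {
    Write-Output 'No low-privileged read access found on SAM, SYSTEM or SECURITY.'
}
```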

The Linux vulnerability was only recently discovered but is not at all new, though to exploit it you have to do something a little odd. If you create, mount and then delete a folder whose path name exceeds 1GB in total, you can then read /proc/self/mountinfo on the system and gain full system rights. The researcher describes having to create around 1 million subdirectories to hit that 1GB mark and trigger the privilege escalation. This will currently work on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation, with more possible.

Keep an eye out for patches, hopefully more effective ones than PrintNightmare.

The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
