We reported on the worst Linux vulnerability in a long time only a few days ago. Dubbed “Dirty Pipe”, the vulnerability affects Linux kernel 5.8 and later, including on Android devices. If successfully exploited, the vulnerability could allow unauthorized users to inject and overwrite data in read-only files, including SUID processes running as root. Security researcher Max Kellermann, who discovered and reported the bug, also published a proof of concept (PoC). It shows how easy it is to exploit the privilege escalation vulnerability.
The reaction to the disclosure was quick: patches for the vulnerability are available in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102.
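A version check built from the numbers above, as an added example that is not part of the original article: it classifies a `uname -r` string against the 5.8 lower bound and the three fixed releases. The function names and status labels are hypothetical, and treating series newer than 5.16 as patched is an assumption the article does not state.

```python
import platform
import re

# Fixed stable releases named in the article, keyed by (major, minor) series.
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_AFFECTED = (5, 8)  # "Linux kernel 5.8 and later"


def parse_release(release):
    """Turn a `uname -r` string such as '5.15.24-generic' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a kernel release by version number only.

    Vendors may backport the fix without changing the upstream version,
    so "vulnerable" here means "confirm against the vendor's advisory".
    """
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < FIRST_AFFECTED:
        return "not-affected"
    if series in FIXED:
        return "patched" if patch >= FIXED[series] else "vulnerable"
    if series > max(FIXED):
        # Assumption (not from the article): final releases of later series
        # carry the fix. Release candidates are not distinguished.
        return "unknown" if "-rc" in release else "patched"
    # A 5.8 to 5.16 series for which the article lists no fixed release.
    return "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    print(running, "->", dirty_pipe_status(running))
    # Constructed sample strings; 5.10.60 is the NAS kernel version
    # the article names as affected.
    for sample in ("4.19.0-18-amd64", "5.10.60", "5.15.25", "5.16.10-arch1"):
        print(sample, "->", dirty_pipe_status(sample))
```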
Implementation takes time
Companies like Taiwanese hardware maker QNAP are now working to incorporate the patches. QNAP now warns that users will have to wait for the company to release its security updates.
“If this vulnerability is exploited, a non-privileged user could gain administrative privileges and enter malicious code,” QNAP said in a new security advisory report. “There is currently no fix for this vulnerability. We encourage users to check for and install security updates as they become available.”
NAS devices with kernel version 5.10.60 are affected. According to QNAP, the bug affects devices running QTS 5.0.x and QuTS hero h5.0.x, including:
- QTS 5.0.x on all QNAP x86-based NAS and some QNAP ARM-based NAS
- QuTS hero h5.0.x on all QNAP x86-based NAS and some QNAP ARM-based NAS
A full list of all affected models can be found in the company's security advisory. However, until QNAP actually delivers security updates to fix the Dirty Pipe vulnerability, users should make sure that the NAS device is no longer connected to the Internet, to prevent local access attempts. In the security advisory, QNAP explains the detailed steps for disabling SSH and Telnet connections, changing the system port number, changing device passwords, and enabling IP and account access protection.