image
  • +91 7821055537, +91 9982201414
  • bdm.br
  • +1-603-275-9923
  • +1-650-727-6690

Buffer Overflow Flaw Enables Linux Privilege Escalation

Technology
Apr 03, 2020
Follow Us:
Buffer Overflow Flaw Enables Linux Privilege

While new vulnerabilities are discovered every day, few of them exist for as long as nine years or in an application as commonly used as sudo. However, a new buffer overflow vulnerability in sudo was patched in February 2020, closing a hole that would allow an unauthorized user to have root-level access and control on a vulnerable machine.

How a Buffer Overflow Vulnerability Works

Buffer overflow vulnerabilities are caused by a failure in memory management and user input validation. If a developer fails to ensure that data can actually fit in the location where it is being placed, the code can be vulnerable to exploitation.

Inside a computer program, a piece of data needs to be stored somewhere at all times. This requires the program to explicitly allocate some range of memory for that data and provide an address for the data to be written. In order for this allocation to occur, the program needs to know how much data is going to be stored. This value is either specified by the developer (i.e. they need space to store an eight-character password) or built into the types of data that they’re using (an integer is stored in a certain number of bytes).

A problem arises when the amount of data that a program tries to store is larger than the size allocated to hold it. For example, a web page may say that a user can only enter a username of sixteen characters or less. However, there is no mechanism in the code preventing a longer username from being sent to the webserver and processed by the application, or this mechanism can be bypassed by an attacker.

If this is the case, the application may try to write more memory at a location than can fit in its allocated space. This means that the user-provided input will spill over into memory allocated to another piece of data. Depending upon the purpose of this other data, having its value changed can have significant impacts upon the functionality and security of the application.

The Hidden Sudo Buffer Overflow Bug

Like every operating system, Linux has multiple levels of user privilege built into it. In many cases, especially for critical systems, it isn’t desirable to allow everyone to have full control of the machine. As a result, users are typically assigned limited user accounts, while administrators may have elevated or “root” level permissions on the machine.

The sudo command in Linux is designed to allow someone with root level permissions to use those permissions on the system. Since this program is so powerful and is at the core of the Linux privilege and security model, any bugs or vulnerabilities in this code are extremely dangerous.

In February 2020, a buffer overflow bug was patched in versions 1.7.1 to 1.8.25p1 of the sudo program, which stretch back nine years. On certain systems, this would allow a user without sudo permissions to gain root level access on the computer. The buffer overflow vulnerability existed in the pwfeedback feature of sudo. This feature is designed to print a line of asterisks when the user enters their password, providing visual feedback on password length. However, this feature allowed input from other programs (making it easy to send very long “passwords”) and included a buffer overflow vulnerability that enabled users to gain root access on affected machines.

This vulnerability is significant since a high percentage of servers run the Linux operating system, and elevated permissions are a common goal during a cyberattack. Once an attacker has gained control of a lower-level account (through phishing, exploitation, etc.), they attempt to elevate these privileges to root level in order to carry out their attack. This sudo bug represents a significant privilege escalation bug in Linux, making it vital to update all systems to a secure version of sudo as soon as possible.

The Ongoing Threat of Buffer Overflows

Buffer overflows are not a new type of vulnerability. They have been around for years and prominently feature on many common vulnerabilities lists. In fact, they top the 2019 CWE List of the Top 25 most dangerous software errors. Buffer overflow vulnerabilities are an ongoing threat because they are an easy mistake to make, and often a difficult one to detect. There are many different variations of the buffer overflow bug, all of which could potentially be exploited by an attacker.

Some programming languages, like Python and Java, are designed to make buffer overflow vulnerabilities impossible by either resizing memory as necessary to match input lengths or making it impossible to write past the end of a memory buffer. However, the continued use of vulnerable languages and legacy code still makes it a common vulnerability.

Protecting Against Buffer Overflow Exploits

For buffer overflow vulnerabilities like the one contained in sudo, protection comes down to proper patch management. When these vulnerabilities are publicized and a patch is available, this information will be included on lists of known vulnerabilities. Checking for known vulnerabilities in an organization’s systems is a crucial part of cyber threat management.

For software more vulnerable to direct attack, like an organization’s web applications, a more proactive approach may be necessary. Deploying a web application firewall (WAF) to defend against online attacks and runtime application self-protection (RASP) for critical applications can help to defend them against exploitation.

Nitin Garg

I am Nitin Garg, founder of BR Softech PVT LTD - an award-winning mobile game development company known for its excellence in the gaming domain. We have a team of 180+ exceptional professionals & we have a satisfied clientele of 2.7k+ globally. Driven by an entrepreneurial spirit, I aim to elevate BR Softech to a billion-dollar company.

Get Live API Demo

Scan QR Code

For Immediate Contact

skypeSkype whatsappWhatsapp

Categories

Get in Touch

Name*

Email*

Country Name*

Mobile No*

Message*

close

Get in Touch

Country Name *