Cyber defense expert discovers vulnerability in Linux audit framework

To support our customers with technical expertise and the latest industry knowledge, our cyber defense experts address fundamental questions and undergo mandatory training on a broad variety of products.

It was while carrying out this kind of fundamental research on the Linux audit framework (Auditd) that we discovered a not insignificant vulnerability.

After a thorough evaluation, we determined that file monitoring can be circumvented by a user with sufficient privileges. Specifically, the user must have the CAP_DAC_READ_SEARCH capability. This is typically true of the “root” administrator account. Under these conditions, the user can open files with the “open_by_handle_at” syscall and read and modify them at will without generating an entry in the Auditd log. We verified that this vulnerability can be exploited on CentOS 7, CentOS 8 and Ubuntu 16.04.
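The following check is an added example, not code from SECUINFRA or the audit project: it reads a rule listing in the format printed by auditctl -l and reports which path-based watches exist and for which ABIs no unconditional syscall rule on open_by_handle_at is loaded. It assumes that such a syscall rule is a usable detection workaround and that path-filtered rules cannot be relied on for this syscall; the sample rules and key names are constructed.

```python
import re
import shlex

SYSCALL = "open_by_handle_at"
REQUIRED_ARCHES = {"b64", "b32"}  # both ABIs on a 64-bit host

# Constructed sample in the format printed by `auditctl -l`.
SAMPLE_RULES = """\
-w /etc/shadow -p rwa -k shadow
-a always,exit -F arch=b64 -S open,openat -F path=/etc/passwd -F perm=wa -F key=passwd
-a always,exit -F arch=b64 -S open_by_handle_at -F key=handle_open
-a always,exit -F arch=b32 -S open_by_handle_at -F auid>=1000 -F key=handle_open
"""

def parse_rule(line):
    """Split one rule line into its action, syscalls, -F fields and watch path."""
    rule = {"action": set(), "syscalls": set(), "fields": {}, "watch": None}
    toks = shlex.split(line)
    for flag, val in zip(toks, toks[1:]):
        if flag == "-a":
            rule["action"] = set(val.split(","))
        elif flag == "-S":
            rule["syscalls"].update(val.split(","))
        elif flag == "-w":
            rule["watch"] = val
        elif flag == "-F":
            name = re.match(r"\w+", val).group()
            rule["fields"][name] = val[len(name):].lstrip("!<>=&")
    return rule

def check_coverage(rules_text):
    """Return path-based watches and the ABIs lacking an unconditional rule."""
    watched, covered = [], set()
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        r = parse_rule(line)
        fields = r["fields"]
        path = r["watch"] or fields.get("path") or fields.get("dir")
        if path:
            watched.append(path)
        # Conservative: count a rule only if nothing but arch/key narrows it.
        unconditional = set(fields) <= {"arch", "key"}
        if ({"always", "exit"} <= r["action"] and SYSCALL in r["syscalls"]
                and unconditional and fields.get("arch") in REQUIRED_ARCHES):
            covered.add(fields["arch"])
    return {"watched_paths": watched,
            "missing_arches": sorted(REQUIRED_ARCHES - covered)}

if __name__ == "__main__":
    print(check_coverage(SAMPLE_RULES))
```

On the constructed sample, the b32 rule is not counted because its auid filter would let calls from other accounts go unlogged.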

The vulnerability was reported to the vendor, Red Hat, Inc., in mid-November 2020. In accordance with standard disclosure practice, we gave the vendor 90 days to rectify the vulnerability. The problem has been published under the reference CVE-2020-35501.

To keep our customers secure, our employees are deeply involved in the technical aspects of all processes. It is a testament to the conscientiousness of our cyber defense experts that they managed to find this vulnerability.

Please feel free to contact us for more information about the discovery of the vulnerability and possible countermeasures.

Thomas Bode · Author

Marketing Manager

Thomas Bode is Marketing Manager at SECUINFRA. His professional roots are in the tourism industry, which is why he is responsible for planning and organizing corporate events at SECUINFRA, among other things. In doing so, his goal is not only to find unusual destinations and locations, but also to come up with activities that will be remembered by everyone and that will help the team to grow together. In addition to marketing-related tasks, Thomas is also responsible for SECUINFRA's social engagement. Thomas spends his free time either with his family or on the water rowing on the Kalksee.