Lucene search

K
thnThe Hacker NewsTHN:938E26EF0D2BCE29F29F40BEEB9944AB
HistoryMar 15, 2022 - 3:44 a.m.

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

2022-03-1503:44:00
The Hacker News
thehackernews.com
139

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.2%

Linux Flaw

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems.

“A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x,” the company said. “If exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code.”

The Taiwanese firm said it’s continuing to thoroughly investigate its product line for the vulnerability and that QNAP NAS devices running QTS versions 4.x are immune to the Dirty Pipe flaw.

Tracked as CVE-2022-0847 (CVSS score: 7.8), the shortcoming resides in the Linux kernel that could permit an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of vulnerable machines.

“An unprivileged local user could use the Dirty Pipe flaw to write to pages in the page cache backed by read-only files and as such, escalate their privileges on the system,” Kaspersky researchers said earlier this week. “This vulnerability happens due to usage of partially uninitialized memory of the pipe buffer structure during its construction.”

Successful exploitation of the high-severity flaw could enable an attacker to create unauthorized cron jobs, modify sensitive files such as /etc/passwd, and even break out of containers. The issue has since been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, three days after it was reported to the Linux kernel security team.

“Currently there is no mitigation available for this vulnerability,” the company added. “We recommend users to check back and install security updates as soon as they become available.”

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.2%