Recently discovered Linux flaws are now fixable

A discovery by a Google security researcher brought 14 flaws in Linux kernel USB drivers to light last week, which in turn led to a last-minute fix in the Linux 4.14 release candidate code that was due to be distributed last Sunday. The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.

All 14 flaws are now covered by plausible fixes, but they are part of a much larger group of 79 flaws affecting the Linux kernel's USB drivers, some of which remain unpatched. Within this larger group of coding flaws, 22 now have a Common Vulnerabilities and Exposures (CVE) number, and fixes are available for those.

However, many of the flaws have not been fixed, according to Konovalov. Konovalov found the flaws using a kernel fuzzer called "syzkaller," created by another Google security researcher, Dmitry Vyukov. The technique involves throwing large volumes of random code at a target piece of software in an attempt to cause crashes.

Further, according to Konovalov, attackers must have physical access to the computer in order to carry out the attack. It is believed that these flaws can be used to hack even air-gapped systems, which are not connected to the internet.

FAQ
Q
What is the recent Linux security attack?
A
Another recent attack on Linux security and open source software was the “BlueBorne” attack vector that exploits vulnerabilities in Bluetooth implementations. It can take over a device and use it to spread malware or ransomware and become part of a botnet. At risk are almost 5.3 billion devices that use Windows, iOS, Android and Linux-based operating systems. Examples of a few Linux devices at risk are Samsung’s Gear S3 smartwatch, a few Samsung televisions, drones, Tizen devices, and some Linux desktop PCs and servers.
Q
What are the discovered Linux flaws?
A
A discovery by a Google security researcher brought 14 flaws in Linux kernel USB drivers to light last week, which in turn led to a last-minute fix in the Linux 4.14 release candidate code that was due to be distributed last Sunday. The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.
Q
What are the five common Linux security vulnerabilities?
A
1. General lack of patch management for the OS.
2. Outdated third-party.
3. Lack of password enforcement.
4. General lack of system hardening.
5. Lack of backups.
Q
What are the top vulnerabilities in Linux?
A
BIND Domain Name System.
Remote Procedure Calls (RPC)
Apache Web Server.
General UNIX Authentication -- Accounts with No Passwords or Weak Passwords.
Clear Text Services.
Sendmail.
Simple Network Management Protocol (SNMP)
Secure Shell (SSH)
Q
What Are the Most Common Linux Vulnerabilities in 2018?
A
We’ve put together a list of the top 5 Linux Vulnerabilities that hit organizations so far in 2018, aggregated by the WhiteSource database, which is updated continuously from the National Vulnerability Database (NVD), that most developers and security professionals know and love, as well as additional open source publicly available, peer-reviewed security advisories. Some of these might have been first uncovered before 2018, but are still alive and kicking in many systems.