
The exploit Theori created worked on Ubuntu, Amazon Linux, RHEL, and SUSE Linux.
Shared systems under ‘extreme risk’
“The exploit is trivial,” said DeepCove Security’s Meghu. “The good news is, it’s not a remote code execution, which gives us breathing room to patch when fixes are available, but there needs to be priority placed on any shared systems, since any local user could easily escalate their privilege to root. Those systems are under extreme risk right now.”
His biggest fear is that an exploit could become part of a chain of attacks. Because the escalation of privilege part of it is trivial to accomplish, he said, “I am not at all thrilled about waiting for patches.” An exploit could hit all of an IT department’s Linux systems and containers, as well as the organization’s supply chain, and it will take a “significant amount of work” to patch and verify every system, he said, which means CSOs will need to have a good handle on their software inventory and dependencies.
