Jet CSIRT experts continue to compile the top information security news for you each week. This time, the TOP-3 includes 15-year-old vulnerabilities in a Linux kernel subsystem, a new study of the OnionCrypter crypter, and new PoC code for exploiting the Spectre vulnerability. The top three news items were collected by Jet CSIRT analyst Andrey Maslov.
15-year-old vulnerabilities identified in Linux kernel subsystem
Experts from GRIMM have identified vulnerabilities in the iSCSI subsystem of the Linux kernel (CVE-2021-27365, CVE-2021-27363, CVE-2021-27364) that allow a local user with basic privileges to escalate to superuser. The vulnerabilities can be exploited only if the attacker has local access to the system. Although the vulnerabilities were introduced in the iSCSI subsystem at an early stage of its development, back in 2006, they were discovered only now. Fixes have been available in the mainline Linux kernel as of March 7, 2021.
OnionCrypter Crypter Research Published
Avast experts have published a study of one of the tools attackers use to hide malicious code from security products by encrypting the payload. Because of its multilayer structure, the tool was named OnionCrypter. It has two distinctive features: first, the payload is encrypted in multiple layers; second, the main functions in each of the studied samples are unique.
Google Unveils PoC Code To Exploit Spectre Vulnerability
Google researchers have published a JavaScript exploit that demonstrates how the Spectre vulnerability (CVE-2017-5753) can be used to access information in the browser's memory. According to Google engineers, the exploit works on a variety of architectures and shows in practice that some of the protection mechanisms developers currently rely on (site isolation, Cross-Origin, Cross-Origin Read Blocking) are unreliable. To fully demonstrate the attack, the specialists created the leaky.page website, which describes in detail the stages of the attack and the mechanisms involved.