A new vulnerability allows an attacker to gain administrator access on some of the most popular Linux distributions. The bug affects the kernel and has been named Sequoia. Many servers are at risk if they do not receive the patches that fix the problem as soon as possible.
Sequoia, the new threat affecting Linux
This serious security flaw is tracked as CVE-2021-33909. It was discovered by a group of cybersecurity researchers at Qualys. The bug affects the file system and would give an attacker root access. It affects distributions such as Ubuntu, Debian and Fedora.
However, many more distributions may be affected, including servers of all kinds that are based on Linux. Researchers believe that Sequoia affects all versions of the Linux kernel since 2014. Specifically, it is a size_t-to-int conversion vulnerability in the file system.
This is a significant problem, since beyond affecting a large number of distributions, any user without privileges can gain root access and have full control. The bug affects the kernel file system layer.
As indicated by the security researchers, if an unprivileged local attacker creates, mounts and deletes a deep directory structure whose total path length exceeds 1 GB and then opens and reads /proc/self/mountinfo, the kernel could write outside of memory limits.
This is what would allow the attacker to corrupt data, crash the system or even execute malicious code without authorization. Ultimately, the attacker becomes the root user and has control of that system. The researchers report all the technical details on their official website.
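The size_t-to-int conversion named above can be reproduced in a few lines of user-space C. The following is an added example, not kernel code and not taken from the Qualys advisory; the function names and sample lengths are hypothetical and constructed for illustration. It shows a length above INT_MAX turning negative when narrowed to int, next to a caller that rejects such lengths.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not kernel code): returns the offset at which a
 * record of `reserve` bytes would start if written at the end of a buffer
 * of `buflen` bytes. Note that the length parameter is a signed int. */
static long long tail_offset(int buflen, int reserve)
{
    return (long long)buflen - reserve;
}

/* Flawed caller: tracks the length as size_t but narrows it to int. A value
 * above INT_MAX does not fit; on common compilers it wraps to a negative
 * number, so the computed offset points far before the buffer start. */
long long tail_offset_unchecked(size_t buflen, int reserve)
{
    return tail_offset((int)buflen, reserve);
}

/* Hardened caller: refuse any length that int cannot represent and any
 * reservation that does not fit. Returns 0 on success, -1 on rejection. */
int tail_offset_checked(size_t buflen, int reserve, long long *out)
{
    if (buflen > (size_t)INT_MAX || reserve < 0 || (size_t)reserve > buflen)
        return -1;
    *out = tail_offset((int)buflen, reserve);
    return 0;
}

int main(void)
{
    size_t huge = (size_t)INT_MAX + 11;   /* constructed length above INT_MAX */
    long long off = 0;

    printf("unchecked offset: %lld\n", tail_offset_unchecked(huge, 10));
    printf("checked result:   %d\n", tail_offset_checked(huge, 10, &off));
    if (tail_offset_checked(4096, 10, &off) == 0)
        printf("normal offset:    %lld\n", off);
    return 0;
}
```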
Testing on different distributions
The Qualys researchers who discovered this vulnerability were able to test how it works and obtain root privileges on different default installations such as Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11 and Fedora 34 Workstation. They have released a proof of concept that can be seen on their website.
Luckily, there is already a solution to this problem, and it is advisable to update immediately to correct this serious flaw. It affects kernel versions from 3.16 through 5.13.x, prior to 5.13.4. Therefore, it is important to update Linux systems as soon as possible to the 5.13.4 kernel, which has just been released to correct the Sequoia problem.
In this article, as always, we recommend keeping equipment updated with the latest version available. The case of Sequoia and how it could put unpatched Linux systems at risk is but one example. There are many threats on the network that take advantage of uncorrected flaws. We must always update the firmware of the router and network card, and also the operating system, whether we use one of these vulnerable Linux versions or any other that may be affected by a different security problem.