This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide.
For exploiting a privilege escalation the attacker must be able to run their own code on your machine. If you let them do such things, you already have more than enough security problems in the first place.
Except for supply chain attacks. You get a foot in the door, and open the rest with impunity
Yes, but still a privilege elevation bug is still less risky than a remote execution one.
They’re replying to the victim blaming mentality of “if you let them then you have bigger problems” in your comment. Not your point about it being less dangerous than remote execution.
Feeling pret-ty smug about my Windows 10 machine rn ngl
Your Windows 10 machine? Microsoft disagree.
Lol because Windows has never been exploited
Name literally one time!?
This is a joke right
I hacked it. The screen said “It is now safe to turn off your computer.” but I left it on instead.
That one time that Clippy started peeling off it’s flesh whilst chanting in reversed Latin and also wasn’t in the computer anymore.
(This was after I let it play that Flash with the Badger song for two weeks so I kinda understand what happened.)
This only affects positively ancient kernels:
From (including) 3.15 Up to (excluding) 5.15.149 From (including) 6.1 Up to (excluding) 6.1.76 From (including) 6.2 Up to (excluding) 6.6.15 From (including) 6.7 Up to (excluding) 6.7.3
If I’m not mistaken, RHEL9 and equivalents are on 5.15. That’s a pretty big blast radius.
I think RHEL9 uses 5.14 as base
You’re right, it’s 5.14 not 5.15 like I thought. I’m spending most of my time im Debian these days though, so I’m glad I wasn’t too far off.
They will probably have a version newer than 5.15.149.
AliasAKA is correct, it’s actually 5.14, not 5.15 like I thought.
fuck my phone running android is vulnerable
Debian Bookworm (Debian 12/oldstable) would be affected then, I think?
It looks to be on 6.1.153 currently which is much newer than 6.1.76.
Sweet, cheers for checking - I just remembered it being on 6.1.?
How would I know what kernal I have?
With the
uname -acommand
And that kids, is why we are pushing for Rust in the Kernel
But… You dont understand, Rust is the devil! If Rust were made the kernel’s main language it would terrible because that would mean change 😭😭😭
But then the kernel wouldn’t be free! Free as in ‘use-after-free’!
(/s in case it wasn’t obvious)
Yay! Pick an arbitrary solution to a problem just because it’s different and shiny! The shine will fix it!
Rust would not of fixed this
Rust isn’t magical
Explain how a use after free could occur in safe rust, because to my knowledge, that is exactly the kind of thing rust does protect against.
Easy. Do some specific incantation that barely looks like it follows rust syntax that is specifically made to exploit a bug in the rust compiler.
Duh, by wrapping it in an
unsafeblock.
Boom.
You never say “would not of”. It’s “would not have”.
Rust would have prevented this, because the borrow checker prevents use-after-free vulnerabilites.
Do you know what a use-after-free bug is? Rust was literally designed to make this type of memory bug impossible.
Lol. You have no idea what you are talking about about here 😂
Granted, I was mostly shit posting. But in all seriousness: wouldn’t Rust prevent that kind of exploit by inherent design?
Due to Rust’s ownership semantics, when we free a value, we relinquish ownership on it, which means subsequent attempts to use the value are no longer valid.
https://stanford-cs242.github.io/f18/lectures/05-1-rust-memory-safety.html
C++ would also solve this for the same reason!!
If this is a joke, I don’t get it
It’s not a joke. What was described above is pretty much C++'s RAII pattern, which Rust evangelists love to present as a revolutionary Rust invention. Used with smart pointers, it will help avoid use-after-frees. What it doesn’t avoid is null pointer exceptions (you can
std::movea unique_ptr and still access it, it’ll just be nullptr), but those will typically “just” be a crash rather than a gaping security hole.That is not to say Rust doesn’t have its own innovations on top of that (notably that the compiler stringently enforces this pattern), and C++ does give you many more ways to break the rules and shoot yourself in the foot than Rust does.
Your second half there is the whole point.
Being memory unsafe in C++ is can occur by accident.
Being memory unsafe in Rust… essentiallly requires consistent intent.
When coming up with guidelines for an emgineering procesd that can go catastrophically wrong… do you use a stricter ruleset, or a less strict one?
That’s basically the safety argument.
If you follow modern C++ best practices, memory unsafety will not happen by accident. The dodgy stuff in modern, idiomatic C++ is immediately obvious.
I think the idea is that it’s easier to manage your resources in C++ if you write your code using RAII. Linux is mainly C, not C++, which makes resource management a little bit more manual.
Rust however categorically tries to stop these problems from happening in an even stronger way. You can still write bad code in any language, but it’s supposed to be a lot more difficult to get memory corruption.
Yes, that’s right. You cannot have a UAF situation unless you’re using unsafe “escape hatch” tools.
Again… IMPROBABLE
I’ve only seen it once. And it was made specifically to trigger a compiler bug. It barely looked like rust code.
Now tell me how someone will introduce such a bug by accident. Winning the lottery 10000 times in a row with the same number isn’t impossible either. But we are engineers, not pure math pedantics. 0.000000000000001% probability for something that happens with less frequency than once per second is impossible.
Rust still has memory related bugs
This is correct, but not what most people think. For example, memory leaks could be considered bugs and it is easy to leak memory memory in safe rust on purpose.
Memory leaks are usually not disastrous for security, mostly an issue for availability, sometimes.
I think a lot of the confusion comes from the ambiguity of the phrase “memory leak.” Rust is designed around preventing insecure memory access (accessing out of bounds for an array, use-after-free, etc.) and devs call that a memory leak. But another form of memory leak is just not freeing up memory when its no longer needed (e.g. continuously pushing a bunch of things to a global vector and never clearing it). That is more of a fundamental program design issue that rust can’t do anything about. (and really, neither could any turing complete language)
Improbable. Everything has bugs that surface. See my other link, or look yourself. There have been plenty of security fixes for Rust. It’s not bulletproof, just like anything else, just less likely specifically for certain memory attacks to be vectors.
Everything has bugs that surface.
This is a worthless statement. Rust is designed to help reduce the number of bugs. No one thinks Rust will completely eliminate all bugs. Your argument about fixes in the compiler or standard library or whatever applies to C as well.
See my other link, or look yourself.
The link you posted says nothing about Rust software having bugs, it’s about malware written in Rust exploiting bugs in other software.
Clearly you have no idea. Rust makes this kind of bug impossible.
WOW. No, it would make it improbable. It’s not like there can’t be zero-days for Rust, bud. This particular attack vector deals with memory handling, and sure, Rust’s main feature is memory security and management. Doesn’t mean there aren’t bugs to exploit there.
https://linuxsecurity.com/features/rise-of-rust-based-malware
Did you even read the article you posted? This is about malware written in Rust being harder to analyze (or notice), not software written in Rust having vulnerabilities…
Your link has nothing to do with bugs in Rust. It says attackers are writing their tools in Rust, which is making the attack tools more robust.
attackers are smart, adaptable types, and they’ve discovered a different angle: malware written in Rust often shields itself using the very design principles we admire about the language. For us, as defenders, this means a steep learning curve and a shift in focus. Let’s break this down.
🤦 It’s not necessarily about bugs in Rust-lang, though you can lookup CVEs if you want. The point is that ANY software, by default, will have bugs and exploits. Doesn’t matter if it’s Rust or C. You can exploit at the core, or at implementation. It’s just matter of time and effort, as they say.
Just flat out saying Rust, or software written in Rust is be default is secure, is a fool’s assertion. Sure it’s LESS LIKELY to have a memory exploit, but that’s where that assertion ends.
Just flat out saying Rust, or software written in Rust is be default is secure, is a fool’s assertion.
Who said that, Mr. Strawman?
It’s clearly better from both language feature and security standpoint and the community is behind it. What’s the problem?
did you mean to post a different link?
It is still possible to have security vulnerabilities in Rust
Nobody claimed otherwise.
‘Use-after-free’ bugs are a specific type of memory access bug that Rust was designed around preventing. It literally refers to trying to access a block of memory after it has already been freed by the memory allocator. Unless you go out of your way to use the “unsafe” keyword in rust (which in most cases, you shouldn’t) then this type of bug is not possible.
Utopia or nothing!
That’s not what’s at issue her LOL
Neither do I. What’s Rust in this context?
Rust is a programming language which was designed to be memory safe without any of the overhead caused by traditional memory safety techniques employed by existing languages (namely, garbage collection and reference counting). It does this by shifting the memory management from happening at runtime to happening at compile time. The compiler forces the programmer to follow certain rules to ensure that their program can be proven to be free of errors such as use-after-frees and double-frees. Because of this design philosophy, Rust is a good fit as a replacement for C, because it can do everything that C can while ensuring the programmer doesn’t make any mistakes with regard to memory management.
Rust is a programming language. Not to be confused with the video game.
Is that videogame written in that programming language?
Nope. Rust is a low level language.
c/woooosh
Magical pills do not exist. Better start pushing old fuckers incapable of learning out of the project (yeah, I don’t like this kind of treatment of Rust just because it is not C either)
Old fuckers exist to protect young fuckers from throwing out the baby with the bath water.
I’m referring to the ageism implied in the statement, I don’t care about C vs Rust any more than I care about vi vs emacs or KDE vs Gnome.
Old fuckers have experience, they have seen many next big things come and go, that’s why they seem slow to adopt new stuff. Of course this annoys new fuckers a lot, as they want to play with their new shiny toys now.
Patience is a virtue, young grasshopper.
Ooh, so “get out with this Rust, I ain’t gonna think about when writing my code” is protecting a baby now?
Okay, then why we need to use a language that has more in common with OCaml? What about using a better C instead?
no one uses d
It’s never too late to start!
let me clarify: no employer uses d. I use d. I am a nobody
Such as?
This language was there for a lot longer than Rust, and is not “OCaml, but with curly braces for scopes”.
Local attacker? So on your LAN
The (ssh) call it coming from inside the 127.0.0.1!!
(Scoot over, I need the keeb.)
You need to be able to run code on the system that has the bug. The bug is in the netfilter component, in how it’s managed on that system, not in the actual traffic flows.
So a non issue unless somebody has physical access to the machine?
Unfortunately, it’s not that simple, because attacks often involve “exploit chains”. In this case, an attacker would use a different vulnerability to gain code execution capability, and then use that capability to exploit this vulnerability.
Update your systems, folks.
Understood
No. They just have to be able to place exploit code onto your machine and have it run.
If they can place exploit code on my machine, I think its already game over, regardless of that bug
Not necessarily, if you follow proper hosting etiquette, then even if they break in they should only be a standard user and have no access to the rest of your system. But most self hosters just run everything as root as it’s less of a hassle.
I guess I was thinking of the many Linux users I have encountered that sets same user and root password, or has sudo as passwordless. SMH
Not directly, but as other comment has mentioned, it reduces the overall security posture because it could be combined with other flaws known and unknown.
Yeah, less vectors are better
