Sequoia, the new threat affecting Linux
This serious vulnerability is tracked as CVE-2021-33909 and was discovered by a group of cybersecurity researchers at Qualys. The flaw is in the file system and would give an attacker root access. It affects distributions such as Ubuntu, Debian and Fedora.
Many other distributions can be affected as well, including Linux-based servers of all kinds. The researchers believe that Sequoia affects all versions of the Linux kernel since 2014. Specifically, it is a size_t-to-int conversion vulnerability in the file system.
This is a major problem: beyond affecting a large number of distributions, it lets any unprivileged user gain root access and take full control. The flaw is in the kernel's filesystem layer.
According to the security researchers, an unprivileged local attacker who creates, mounts and deletes a deep directory structure whose total path length exceeds 1 GB, and later opens and reads /proc/self/mountinfo, could write outside of memory limits.
This is what would allow the attacker to corrupt data, crash the system or even execute malicious code without authorization. Ultimately the attacker becomes the root user and has control of that system. The researchers report all the technical details on their official website.
Testing on different distributions
The Qualys researchers who discovered this vulnerability have been able to test how it works and obtain root privileges on different default installations such as Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11 and Fedora 34 Workstation. They have released a proof of concept that can be seen on their website.
Fortunately, a fix is already available, and it is advisable to update immediately to correct this serious flaw. It affects kernel versions from 3.16 through 5.13.x, prior to 5.13.4. It is therefore important to update our Linux system as soon as possible to kernel 5.13.4, which has just been released to correct the Sequoia problem.
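To triage hosts against the range given above (3.16 up to, but not including, 5.13.4), the following added example compares a kernel release string with those bounds. It is not code from Qualys or from any distribution, and the function names are hypothetical. It also assumes upstream version numbering: distributions backport fixes without changing that number, so a match means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: version-range triage for CVE-2021-33909 (Sequoia).
# Bounds come from the article: affected from 3.16, fixed in 5.13.4.
FIRST_AFFECTED=3.16.0
FIRST_FIXED=5.13.4

# Print "major minor patch " for a release string such as
# "5.4.0-77-generic" or "5.14"; missing or non-numeric fields become 0.
kver_split() {
    base=${1%%[-+_]*}          # drop the distro suffix: 5.4.0-77-generic -> 5.4.0
    old_ifs=$IFS; IFS=.
    set -- $base               # split on dots into $1 $2 $3
    IFS=$old_ifs
    for part in "${1:-0}" "${2:-0}" "${3:-0}"; do
        case $part in ''|*[!0-9]*) part=0 ;; esac
        printf '%s ' "$part"
    done
}

# Return 0 if version $1 is strictly lower than version $2.
kver_lt() {
    set -- $(kver_split "$1") $(kver_split "$2")
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Return 0 if $1 lies in [FIRST_AFFECTED, FIRST_FIXED).
sequoia_in_range() {
    ! kver_lt "$1" "$FIRST_AFFECTED" && kver_lt "$1" "$FIRST_FIXED"
}

# Human-readable verdict; the backport caveat is an assumption of this
# example, not a statement from the article.
sequoia_report() {
    if sequoia_in_range "$1"; then
        echo "$1: inside the affected upstream range; update unless the vendor advisory lists this build as fixed"
    else
        echo "$1: outside the affected upstream range"
    fi
}

# Constructed sample release strings, followed by the running kernel.
for release in 3.15.9 4.19.0-17-amd64 5.13.3 5.13.4 "$(uname -r)"; do
    sequoia_report "$release"
done
```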
At RedesZone we always recommend keeping equipment updated with the latest version available. Sequoia, and the way it could put our unpatched Linux systems at risk, is but one example. There are many threats on the network that take advantage of uncorrected flaws. We must always update the firmware of the router and network card, but also the operating system, whether we use one of these vulnerable Linux versions or any other that may be affected by a different security problem.