On this week’s digest, we are going to focus on:
- a privilege escalation vulnerability within the Linux kernel (DirtyCred);
- an arbitrary code execution in PostgreSQL; and
- a privilege escalation vulnerability within the Zoom auto-update course of.
DirtyCred Privilege Escalation Vulnerability
Tutorial researchers from Northwestern College have launched a brand new exploitation idea to swap Linux kernel credentials. This exploitation methodology is just like the Soiled Pipe vulnerability CVE-2022-0847. The Soiled Pipe vulnerability is an uninitialized bug within the Linux kernel pipe subsystem, affecting 5.8 and better kernel variations.
The DirtyCred vulnerability permits native attackers to escalate their privileges on affected Linux kernel variations. With a view to benefit from this vulnerability, an attacker should first be capable of run low-privileged code on the goal system. There’s a particular situation with the way in which routing selections are dealt with. The difficulty is brought on by the failure to validate an object’s existence earlier than conducting further free actions on it. This vulnerability permits an attacker to realize elevated privileges and run arbitrary code as root.
The DirtyCred vulnerability—registered as CVE-2022-2588,—was rated 6.7 medium within the CVSS scoring by Crimson Hat as a result of excessive impression to confidentiality, integrity, and availability. A profitable assault can carry out privilege escalation by bypassing kernel credential permission checks.
We advocate that you simply replace affected Linux kernel packages to the most recent model as quickly as potential.
PostgreSQL Arbitrary Code Execution
A vulnerability present in PostgreSQL might result in arbitrary code execution because the sufferer position. An assault requires the power to create non-temporary objects in a minimum of one schema, the aptitude to draw or anticipate a sufferer to make use of the article focused by CREATE OR REPLACE or CREATE IF NOT EXISTS, and the power to lure or anticipate an administrator to create or replace a susceptible extension in that schema. If all three circumstances are met, the attacker can execute arbitrary code because the sufferer position, which may be a superuser. Each PostgreSQL-bundled and non-bundled extensions are included within the checklist of known-affected extensions.
The vulnerability has been registered as CVE-2022-2625, and was rated 8.0 excessive within the CVSS scoring by NVD as a result of excessive impression to confidentiality, integrity, and availability. This vulnerability has been patched by PostgreSQL 14.5, 13.8, 12.12, 11.17, 10.22, and 15 Beta 3 launch.
Based on PostgreSQL, PostgreSQL 10 shall be Finish of Life (EOL) on November 10, 2022; subsequently, in case you are operating PostgreSQL 10 in a manufacturing atmosphere, PostgreSQL advises to improve to newer and supported PostgreSQL variations.
Zoom Shopper for MacOS Privilege Escalation Vulnerability
A vulnerability was found within the Zoom conferences shopper for MacOS, which might enable a locally-authenticated attacker to escalate their privileges on the system. A flaw within the auto-updater course of causes this vulnerability. An authenticated attacker might use this vulnerability to get root entry to the sufferer’s machine by sending a well-crafted request.
This vulnerability has been registered as CVE-2022-28757, and was rated 8.8 excessive within the CVSS scoring by Zoom Video Communications, Inc. as a result of excessive impression to confidentiality, integrity, and availability. This vulnerability impacts the Zoom conferences shopper for MacOS model 5.7.3 and earlier than model 5.11.6.
Trending Vulnerabilities this Week
- CVE-2022-32250: Native privilege escalation within the Linux kernel by 5.18.1
- CVE-2022-0028: Mirrored and amplified TCP denial-of-service (RDoS) in Palo Alto Networks
- CVE-2022-22536: Unauthenticated request smuggling and request concatenation in SAP SE Functions
- CVE-2021-30657: Gatekeeper checks bypass in macOS huge Sur
CVE-2022-26923: Energetic Listing Area Companies Elevation of Privilege Vulnerability
