In Local Privilege Escalation Vulnerability in Linux (Dirty Pipe), Taiwanese hardware vendor QNAP reports that most of its network-attached storage (NAS) devices are vulnerable to a high-severity Linux vulnerability that allows users with local access to gain root privileges. Excerpts:
A local privilege escalation vulnerability, also known as “dirty pipe”, has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x.
Currently there is no mitigation available for this vulnerability. We recommend that users check back and install security updates as soon as they become available.
The vulnerability "Dirty Pipe" is all about gaining local access for the purpose of privilege escalation. This is a key component for attackers who usually follow the cyber kill chain of reconnaissance, intrusion, exploitation and then privilege escalation. This step allows the attacker to laterally move across the enterprise, stay persistent and then communicate back to the attacker's C2 (Command and Control). This is why proactive identity tools and practices must be in place to monitor identity changes and thus mitigate these and similar attacks.
In the hacking game, it's a well-established fact that when a threat actor has physical access to a device it's checkmate, game over, hasta la vista, sayonara. Gaining root access on Linux operating systems means you essentially have the "keys to the kingdom".
In the case of the "Dirty Pipe" vulnerability, just like most others, it's imperative to have a layered approach to security, not the least of which is protecting physical security. Having a good patch management process as part of the security hygiene program is also at the top of the list of what administrators must perform.
The concerning part of this vulnerability is that it's not limited to servers in a data center. Android-based phones, speakers, TVs, etc. are also vulnerable. This is a reminder to all users of Android-based devices: apply patches as soon as they become available. The old thought process of "waiting to see if a patch or operating system update breaks something, therefore I will wait" is passé.
Patch early, patch often, and always keep your devices up to date. Create multiple layers of your security onion in case one of your controls fails. Lastly, have a backup plan. Be resilient and build recovery procedures that are rapid and attainable with the least amount of damage.
Privilege escalation (PE), which often stems from software vulnerabilities, misconfigurations, and/or incorrect access controls, enables a bad actor, as a non-privileged user, to gain unauthorized access. Particularly, PE allows bad actors to gain persistent unauthorized access to deepen their access into a system for nefarious activities, including data breaches.
Here it is important that technologies are deployed with security by default (e.g. hardened, patched, least privilege, endpoint controls, etc.), and are actively monitored and scanned for suspicious behaviors and security deviations respectively.