- Two information-disclosure vulnerabilities were found in Apport and systemd-coredump, the core-dump handlers
- They affect Ubuntu, Fedora and Red Hat
- Mitigations are available, so users are advised to review them
Cybersecurity researchers from Qualys have disclosed two information-disclosure vulnerabilities affecting several Linux distributions.
The bugs, both race conditions, allow threat actors to gain access to sensitive information.
The first is in Ubuntu's core dump handler, Apport, and is tracked as CVE-2025-5054. The second is in the default core dump handler on Red Hat Enterprise Linux 9 and 10, as well as on Fedora, and is tracked as CVE-2025-4598.
Crash
Apport is an error-reporting tool in Ubuntu that automatically collects crash data and system information, while systemd-coredump captures and stores core dumps of crashed processes for later debugging and analysis.
As Qualys explained, Ubuntu 24.04 is vulnerable through Apport. Versions up to 2.33.0 are affected, as is every Ubuntu release since 16.04. For systemd-coredump, Fedora 40/41, Red Hat Enterprise Linux 9 and the recently released RHEL 10 are all vulnerable. Debian systems are not vulnerable by default, Qualys added, because they do not ship a core-dump handler.
In theory, an attacker could trigger a crash in a privileged process and then quickly replace the crashed process before the core dump handler intervenes.
In this way the attacker can gain access to the core dump, which can contain sensitive information such as passwords.
What is more, because systemd-coredump does not validate the kernel's "dumpable" flag, a threat actor can crash root daemons that drop privileges to the attacker's own user ID, and so read sensitive memory of critical processes.
Qualys has developed a proof-of-concept (PoC) for both vulnerabilities and said that, to reduce the risk, system administrators must ensure that core dumps are stored securely, implement strict PID validation, and restrict access to SUID/SGID core files.
More details about possible mitigations, and which commands must be run to secure the infrastructure, can be found at this link.
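As an added example (not from the article, Qualys, Apport or systemd), a small POSIX shell audit that reads the kernel's fs.suid_dumpable and kernel.core_pattern settings and reports whether SUID/SGID core dumps would be piped into a user-space handler such as Apport or systemd-coredump. It assumes fs.suid_dumpable=0 is the hardened setting, which is the kernel-side control for the "dumpable" flag the article mentions; the core_pattern strings in the comments are constructed to resemble typical distribution defaults.

```shell
#!/bin/sh
# Added audit helper (not from the article or from Qualys): reads two kernel
# knobs and reports whether SUID/SGID dumps reach a user-space core handler.

# Classify fs.suid_dumpable: 0 = SUID processes are never dumped (hardened),
# 1 = dumped like any other process, 2 = dumped "suidsafe" (root-owned file
# or piped to the core_pattern handler, which is the exposed configuration).
classify_suid_dumpable() {
    case "$1" in
        0) echo "hardened" ;;
        1) echo "debug" ;;
        2) echo "suidsafe" ;;
        *) echo "unknown" ;;
    esac
}

# Identify the handler named in kernel.core_pattern. A leading '|' means the
# kernel pipes each dump into that program (e.g. "|/usr/share/apport/apport ...")
# instead of writing a file.
core_handler() {
    case "$1" in
        "|"*/apport*)           echo "apport" ;;
        "|"*/systemd-coredump*) echo "systemd-coredump" ;;
        "|"*)                   echo "other-pipe" ;;
        *)                      echo "file" ;;
    esac
}

# Exit status 0 when SUID dumps can reach a pipe handler, 1 otherwise.
# Arguments: suid_dumpable value, core_pattern string.
exposed() {
    [ "$(classify_suid_dumpable "$1")" != "hardened" ] &&
    [ "$(core_handler "$2")" != "file" ]
}

# Read the live values; the fallbacks keep the script usable where /proc
# is not readable.
audit_host() {
    sd=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)
    cp=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo "")
    printf 'fs.suid_dumpable=%s (%s)\n' "$sd" "$(classify_suid_dumpable "$sd")"
    printf 'kernel.core_pattern=%s (%s)\n' "$cp" "$(core_handler "$cp")"
    if exposed "$sd" "$cp"; then
        echo "RESULT: SUID/SGID dumps reach a user-space handler; consider fs.suid_dumpable=0"
    else
        echo "RESULT: SUID/SGID dumps are not handed to a user-space handler"
    fi
}

audit_host
```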