CyberSecurity news
@itpro.com
//
Qualys security researchers have uncovered three bypasses in Ubuntu Linux's unprivileged user namespace restrictions, a security feature intended to reduce the attack surface. These bypasses, present in Ubuntu versions 23.10 and 24.04, could enable a local attacker to gain full administrative capabilities. The unprivileged user namespace restrictions were designed to provide security isolation for applications, however, the newly discovered flaws create a weak spot that attackers can exploit.
The bypasses allow a local attacker to create user namespaces with full administrator capabilities. One method involves exploiting the aa-exec tool, while another utilizes Busybox. A third involves LD_PRELOADing a shell into programs with AppArmor profiles. Successful exploitation could allow attackers to bypass security measures, exploit vulnerabilities in kernel components, and potentially gain full system access. Ubuntu was notified of the vulnerabilities on January 15, 2025.
ImgSrc: cdn.mos.cms.fut
References :
- Full Disclosure: Qualys Security Advisory Three bypasses of Ubuntu's unprivileged user namespace restrictions.
- The DefendOps Diaries: Understanding Security Bypasses in Ubuntu's Unprivileged User Namespaces
- www.itpro.com: Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
- www.networkworld.com: Ubuntu namespace vulnerability should be addressed quickly: Expert
- BleepingComputer: New Ubuntu Linux security bypasses require manual mitigations
- bsky.app: Details of how Qualys identifies security byasses on Ubuntu
- BleepingComputer: Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.
- securityonline.info: Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions
- BleepingComputer: Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.
- Cyber Security News: New Ubuntu Security Bypasses Allow Attackers to Exploit Kernel Vulnerabilities
Classification:
- HashTags: #Ubuntu #Linux #Vulnerability
- Company: Ubuntu
- Target: Ubuntu systems
- Product: Ubuntu Linux
- Feature: security bypass
- Type: Vulnerability
- Severity: Medium