Microsofters Shifting Attention From Massive Microsoft Breach to 'Ubuntu' (Not Critical) (UPDATED)

posted by Roy Schestowitz on Jul 29, 2023,
updated Jul 31, 2023

• GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users [Ed: Talking point from a firm that came from Microsoft (Wiz). The severity is not high.]

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers [Ed: Is Wiz eager to distract from the Microsoft breach it spoke of this month?]

  The flaws — tracked as CVE-2023-2640 and CVE-2023-32629 and dubbed "GameOverlay" by Wiz researchers — are found in the OverlayFS module of Ubuntu Linux and are the result of changes Ubuntu made to the module in 2018, which, at the time, posed no threat, researchers from cloud security firm Wiz revealed in a blog post.

• Milioni di utenti Ubuntu vulnerabili al bug di sicurezza del modulo OverlayFS

• GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads [Ed: The media has mostly copy-pasted this dramatisation from Microsoft-connected firm (created by a Microsofter)]

UPDATE

• This Week In Security: Zenbleed, Web Integrity, And More! | Hackaday

  Up first is Zenbleed, a particularly worrying speculative execution bug, that unfortunately happens to be really simple to exploit. It leaks data from function like strlen, memcpy, and strcmp. It’s vulnerable from within virtual machines, and potentially from within the browser. The scope is fairly limited, though, as Zenbleed only affects Zen 2 CPUs: that’s the AMD Epyc 7002 series, the Ryzen 3000 series, and some of the Ryzen 4000, 5000, and 7020 series of CPUs, specifically those with the built-in Radeon graphics.

  [...]

  In a bit of research cleverly named “Game Over(lay)”, [Sagi Tzadik] and [Shir Tamari] of Wiz describe a flaw they found in Ubuntu‘s patches on top of OverlayFS. The short version is that the Linux kernel had a vulnerability in the OverlayFS kernel module in 2020. Fixes were added to the vfs_setxattr function, but Ubuntu exposes more functionality by skipping this function, and directly calling __vfs_setxattr_noperm. Because of the Ubuntu-specific changes, the fixes in the upstream kernel are bypassed in Ubuntu’s kernels.

• Nearly half of Ubuntu users could be vulnerable to these security flaws

  Wiz researchers Sagi Tzadik and Shir Tamari have identified a pair of vulnerabilities that are estimated to be affecting two in five Ubuntu users, so users of the popular Linux distro are being urged to update now.

  The vulnerabilities, being tracked as CVE-2023-32629 and CVE-2023-2640, were both dealt with in the latest patch available for Ubuntu 23.04 Lunar Lobster.

• 40% of Ubuntu Cloud Workloads Vulnerable to Exploits

  Two high-priority vulnerabilities have been discovered in the OverlayFS module of Ubuntu Linux, impacting approximately 40% of Ubuntu cloud workloads.

  According to security experts at Wiz Research, the vulnerabilities, designated as CVE-2023-2640 and CVE-2023-32629, were discovered in the widely used Linux filesystem, OverlayFS, which gained popularity with the widespread adoption of container technology due to its ability to deploy dynamic filesystems based on pre-built images.

Also new:

• Cyber Security Headlines: Maximus breach, Ubuntu Linux vulnerabilities, Cardio company cyberattack

  Cybersecurity researchers at Wiz have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks, and which have the potential to impact 40% of Ubuntu users. The vulnerabilities – tracked as CVE-2023-32629 and 2023-2640 and dubbed GameOver(lay) – are present in a module called OverlayFS and arise as a result of inadequate permissions checks in certain scenarios, enabling a local attacker to gain elevated privileges. Wiz security researchers Sagi Tzadik and Shir Tamari said, “the impacted Ubuntu versions are prevalent in the cloud as they serve as the default operating systems for multiple [cloud service providers].”

Even a CIA-funded site

• Vulnerabilities could expose Ubuntu users to privilege escalation attacks

  Researchers have discovered two vulnerabilities in the Linux operating system Ubuntu with the potential to grant attackers escalated privileges.

  The two bugs impact OverlayFS, a widely installed Linux filesystem used for containerization on cloud servers with technologies like Docker and Kubernetes.

  After being notified of the vulnerabilities by researchers with the cloud security firm Wiz in June, Ubuntu released patches for both on Tuesday.

One more:

• The Good, the Bad and the Ugly in Cybersecurity – Week 30

  Researchers this week disclosed two kernel-level vulnerabilities impacting, they say, up to 40% of Ubuntu cloud workloads. The bugs, dubbed ‘GameOver(lay), are said to be easy to exploit and allow for local privilege escalation.

  The two flaws, CVE-2023-2640 and CVE-2023-32629, relate to the OverlayFS module in Ubuntu, a popular Linux filesystem widely used in cloud containers. OverlayFS is a file system commonly used with Docker that lays one filesystem on top of another. This allows users to modify the upper file system while keeping the base system intact, useful in cloud workloads where it is often desirable to provide an isolated layer for an application to run in that will not affect or modify the host system.

  Researchers at Wiz discovered that Ubuntu’s modifications to OverlayFS make it possible to ‘trick’ the kernel into copying a privileged executable from one layer and writing it to another where it no longer requires privileges to execute.

A couple more:

• Weekly Security News Round-up For Threats and Vulnerabilities: July 23rd to 29th

  This week’s Threat and Vulnerability Roundup is here! Cyber Writes pride ourselves in delivering a weekly roundup of the most up-to-date cybersecurity news.

  Our goal is to bring attention to noteworthy vulnerabilities and exploits, innovative attack methodologies, and essential software patches.

• Over 40% Ubuntu Systems Impacted by Severe Vulnerability; Check If You’re Affected

  As per the latest discovery by Security Researchers S. Tzadik and S. Tamari at Wiz, two new privilege escalation vulnerabilities, codenamed “GameOver(Lay)” in the popular Filesystem OverlayFS, affect a whopping 40% Ubuntu users across the globe. Check out the details for both of these vulnerabilities, along with the steps to check if your Ubuntu system is vulnerable or not.