Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

Published: 23/11/2024   Category: security




An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment.



Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms.
The service, Fluent Bit, is an open source tool for collecting, processing, and forwarding logs and other types of application data. It's one of the more popular pieces of software out there, with more than 3 billion downloads as of 2022, and a new 10 million or so deployments with each passing day. It's used by major organizations such as VMware, Cisco, Adobe, Walmart, and LinkedIn, and nearly every major cloud service provider, including AWS, Microsoft, and Google Cloud.
The issue with Fluent Bit, dubbed "Linguistic Lumberjack" in a new report from Tenable, lies in how the service's embedded HTTP server parses trace requests. Manipulated in one way or another, it can cause denial of service (DoS), data leakage, or remote code execution (RCE) in a cloud environment.
"Everyone gets hyped about a vulnerability in Azure, AWS, GCP, but nobody's really looking at the technologies that make up all of these major cloud services — common, core pieces of software that now affect every major cloud provider," says Jimi Sebree, senior staff research engineer with Tenable. "You need to be looking for application security bombs and like components of the services, not just the services themselves."
Tenable researchers initially were looking into an entirely separate security issue in an undisclosed cloud service when they realized something unexpected was going on. From where they were sitting, it seemed they were able to access a wide range of the cloud service provider's (CSP) own internal metrics and logging endpoints. Among these were instances of Fluent Bit.
This cross-tenant data leakage came from endpoints in Fluent Bit's monitoring application programming interface (API), designed to allow users to query and monitor its internal data. After some testing, though, a bit of leaky data turned out to be only the introduction to a deeper problem.
For a particular endpoint — /api/v1/traces — the types of data passed as input names were not properly validated prior to being parsed by the program. So by passing non-string values, an attacker could cause all kinds of memory corruption issues in Fluent Bit. The researchers tried out a variety of positive and negative integer values, in particular, and successfully triggered errors that made the service crash and leak potentially sensitive data.
Attackers could also potentially use this same trick to gain RCE capabilities in a targeted environment. However, Tenable noted, developing such an exploit would require a good deal of effort, being customized to the target's particular operating system and architecture.
The bug exists in Fluent Bit versions 2.0.7 through 3.0.3. It's being tracked under CVE-2024-4323, and various sites have assigned it critical CVSS scores of over 9.5 out of 10. After it was reported on April 30, Fluent Bit's maintainers updated the service to properly validate data types in that problematic endpoint's input field. The fix was applied to the project's main branch on GitHub on May 15.
Organizations with Fluent Bit deployed in their own infrastructure and environments are advised to update as soon as possible. Alternatively, Tenable suggests, administrators can review any configurations relevant to Fluent Bit's monitoring API to ensure that only authorized users and services can query it — or even no users or services at all.
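
One way to script the review described above, as an added example (not code from Tenable, the Fluent Bit project or this article): it checks a version string against the affected range and inspects the `[SERVICE]` section of a classic-mode Fluent Bit config for an enabled, non-loopback monitoring API. The function names, finding labels and sample config are hypothetical, and absent keys are assumed to take Fluent Bit's documented defaults.

```python
import ipaddress
import re

# Affected range as stated in the article: 2.0.7 through 3.0.3 (CVE-2024-4323).
FIRST_BAD, LAST_BAD = (2, 0, 7), (3, 0, 3)
# Constructed sample config (classic-mode syntax), not taken from the article.
SAMPLE_CONF = """\
[SERVICE]
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020
[INPUT]
    Name  cpu
"""

def version_affected(version):
    """True when a version string such as 'v3.0.3' is inside the affected range."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return FIRST_BAD <= nums <= LAST_BAD

def service_settings(conf_text):
    """Return the [SERVICE] section's key/value pairs with lower-cased keys."""
    settings, in_service = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_service = line.upper() == "[SERVICE]"
        elif in_service:
            key, *rest = line.split(None, 1)
            settings[key.lower()] = rest[0].strip() if rest else ""
    return settings

def audit(conf_text, version):
    """List findings for one Fluent Bit instance (labels are hypothetical)."""
    s = service_settings(conf_text)
    findings = ["affected-version"] if version_affected(version) else []
    # Assumption: absent keys take the documented defaults (Off, 0.0.0.0, 2020).
    if s.get("http_server", "off").lower() in ("on", "true"):
        findings.append("monitoring-api-enabled")
        listen = s.get("http_listen", "0.0.0.0")
        try:
            local = ipaddress.ip_address(listen).is_loopback
        except ValueError:
            local = listen.lower() == "localhost"
        if not local:
            findings.append(f"monitoring-api-exposed:{listen}:{s.get('http_port', '2020')}")
    return findings
```

An empty list from `audit` means the version is outside the affected range and the HTTP server is off; a loopback-bound API still reports `monitoring-api-enabled` so it can be reviewed against who shares the host.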
