Critical Vulnerabilities in Linux and GitLab


 

In today’s fast-paced cybersecurity landscape, vulnerabilities in popular platforms pose significant risks to organizations. Two recently disclosed vulnerabilities have garnered attention: CVE-2024-9822, impacting WordPress sites using the Pedalo Connector plugin, and Perfctl malware, which targets misconfigured Linux servers. Additionally, CVE-2024-9164 in GitLab Enterprise Edition (EE) enables unauthorized pipeline execution. This article will explore how these vulnerabilities work, their potential consequences, and the best defense strategies.

CVE-2024-9822: Authentication Bypass in WordPress Pedalo Connector

What are the Security Vulnerabilities in Linux?

The CVE-2024-9822 vulnerability in WordPress allows attackers to bypass authentication and gain administrative access on websites using the Pedalo Connector plugin. This flaw impacts versions up to 2.0.5 due to improper restriction of the ‘login_admin_user’ function. With a CVSS score of 9.8, this is a critical vulnerability, potentially allowing attackers to alter content, install malicious plugins, and access sensitive data.

Impact of CVE-2024-9822

Once an attacker exploits this vulnerability, they can:

  • Modify website configurations and content.
  • Install malware or unauthorized plugins.
  • Steal confidential user information.
  • Utilize the compromised site for further attacks.

This vulnerability poses a severe risk to website confidentiality, integrity, and availability.

Bornsec’s expert Vulnerability Assessment and Penetration Testing (VAPT) services can help secure your organization against evolving threats.

Mitigating CVE-2024-9822

While there is no definitive patch available yet, the following measures can mitigate the risk:

  • Update to the Latest Version: Upgrade to a newer version of the Pedalo Connector plugin if available.
  • Temporarily Disable the Plugin: If no updates exist, disabling the plugin may help prevent exploitation.
  • Strengthen Access Controls: Implement two-factor authentication (2FA) for admin accounts, and monitor login activity.
  • Conduct Regular Audits: Periodically audit administrative accounts for suspicious activity.

Perfctl Malware: Threat to Misconfigured Linux Servers

How Do You Explain Vulnerability in GitLab?

Perfctl is a highly dangerous malware actively targeting Linux servers. It capitalizes on server misconfigurations and exploits critical vulnerabilities like CVE-2023-33246 (Apache RocketMQ) and CVE-2021-4043 (Polkit) to infiltrate systems. Though primarily known for its cryptocurrency mining activities, Perfctl can also act as a loader for other malware, enable proxy-jacking, and install backdoors.

How Perfctl Operates

Perfctl malware infiltrates Linux servers through two main vectors:

  1. Server Misconfigurations: Weak passwords and exposed login interfaces make servers vulnerable, affecting over 20,000 systems.
  2. Exploiting Critical Vulnerabilities: Perfctl exploits Apache RocketMQ (CVE-2023-33246) and Polkit (CVE-2021-4043) to gain access and escalate privileges.

Key Features of Perfctl Malware

  • Evasion Techniques: Perfctl uses rootkits to conceal its presence and suppress resource-intensive processes when users log in.
  • Persistence: The malware alters login scripts to persist even after reboots.
  • Malicious Utilities: It replaces crucial system tools, such as ldd and crontab, with trojanized versions.

Mitigating Perfctl Malware

To guard against Perfctl, organizations should adopt a multi-layered defense:

  • Patch Vulnerabilities: Regularly update software, particularly Apache RocketMQ (CVE-2023-33246) and Polkit (CVE-2021-4043).
  • Restrict File Execution: Set the NOEXEC option on directories like /tmp to prevent malicious binary execution.
  • Disable Unnecessary Services: Limit attack vectors by disabling unused HTTP services.
  • Advanced Security Tools: Deploy anti-malware solutions that can detect rootkits and trojanized utilities while monitoring network traffic for suspicious activity.

CVE-2024-9164: Arbitrary Pipeline Execution in GitLab EE

What Is the Latest Vulnerability in GitLab?

The CVE-2024-9164 vulnerability allows unauthorized pipeline execution on arbitrary branches in GitLab Enterprise Edition (EE). Affecting versions 12.5 to 17.4.1, this flaw poses significant risks to code repositories and CI/CD processes, with a CVSS score of 9.6.

Impact of CVE-2024-9164

The key risks associated with this vulnerability include:

  • Unauthorized Access: Attackers can execute pipelines and access sensitive data.
  • Code Manipulation: Malicious actors may alter repositories or inject harmful code.
  • Denial of Service (DoS): Running resource-intensive pipelines could lead to system slowdowns or crashes.
  • Privilege Escalation: Exploiting this flaw can enable attackers to escalate privileges within the system.

Mitigating CVE-2024-9164

GitLab has released patches in versions 17.2.9, 17.3.5, and 17.4.2. To mitigate this vulnerability, consider the following steps:

  • Update to the Latest Version: Apply the patches as soon as possible.
  • Restrict Pipeline Permissions: Limit pipeline execution to trusted users and verified projects.
  • Monitor Pipeline Activity: Implement monitoring tools to detect unusual pipeline executions.
  • Follow GitLab Best Practices: Regularly update software, audit pipeline configurations, and restrict access to CI/CD environments.

National Vulnerability Database (NVD) to keep abreast of the latest vulnerability disclosures and best practices for mitigating risks.

Conclusion: Staying Ahead of Vulnerabilities

GitLab Vulnerability Management

With emerging vulnerabilities like CVE-2024-9822, Perfctl malware, and CVE-2024-9164, proactive cybersecurity is essential. Regularly patching software, monitoring systems, and implementing strong security protocols can drastically reduce the risk of exploitation. By following industry best practices, your organization can stay ahead of these evolving threats.

Bornsec offers comprehensive solutions to help your business stay secure. Explore our services to protect against vulnerabilities and ensure compliance with industry standards.

 

Contact us: 080-4027 3737

Please write to us: info@bornsec.com

Visit us: https://bornsec.com/

https://bornsec.com/critical-vulnerabilities-in-linux-and-gitlab/

Comments

Post a Comment

Popular posts from this blog

Clickjacking Attack Explained: Prevention, Examples, and Proven Fixes-

Image
  Clickjacking: Understanding the Threat and How to Prevent It Clickjacking, also called UI redressing, is a type of web security threat that exploits user trust by tricking them into clicking on a hidden or disguised website element. While it may sound minor, the reality is far more dangerous. Clickjacking can lead to serious consequences such as data theft, unauthorized financial transactions, and even system compromise. What Is Clickjacking? Clickjacking is a malicious technique where an attacker manipulates a user into clicking on a hidden or misleading element on a website. The term “clickjacking” is a combination of “click” and “hijacking,” accurately describing how the attacker takes control of a user’s actions without their knowledge. By overlaying an invisible or disguised button over a legitimate one, users may think they are performing a safe action but are triggering something harmful, like sharing sensitive data or performing unauthorized tasks. This kind of ...
Read more

CVE 2024 11477: Critical 7-Zip Exploit Revealed

Image
  What is CVE-2024- 11477? CVE-2024-11477 is a recently identified security vulnerability in 7-Zip, the renowned file compression utility celebrated for its compatibility with diverse file formats like ZIP, RAR, and TAR. This vulnerability exposes users to potential remote attacks, where malicious actors can exploit specially crafted archive files to execute arbitrary code, severely compromising affected systems. With a CVSS score of 7.8, CVE-2024-11477 underscores the seriousness of this flaw and its potential to disrupt millions of users worldwide. This blog explores the vulnerability, the affected platforms, the risks it poses, and actionable steps to mitigate it.     Learn about Cybersecurity Services by Bornsec for comprehensive protection against vulnerabilities.     How CVE-2024-11477 Impacts Users CVE-2024-11477 directly impacts 7-Zip users across a wide range of ...
Read more

AI Cybersecurity Threats 2024 | Dark Side of Technology

Image
  Artificial Intelligence (AI) has revolutionized various sectors, and cybersecurity is no exception. However, while AI brings advanced solutions to combat cyber threats, it also arms malicious actors with sophisticated tools to exploit vulnerabilities. This blog delves into the emerging AI cybersecurity threats, real-world examples, and effective countermeasures to navigate these challenges in 2024. Visit https://bornsec.com/ai-cybersecurity-threats-2024/ to discover more. The Dual Role of AI in Cybersecurity AI in Cyber Security is a double-edged sword. On one side, AI-powered tools like predictive analytics, anomaly detection, and automated threat mitigation enhance security defenses. On the other, the misuse of AI by cybercriminals is leading to new generative AI security risks and attack methodologies that are challenging to counter. Protect Your Business with AI-Driven Cybersecurity Solutions at  Bornsec. 1. AI-Powered Cyber Attacks: Examples and R...
Read more