24 September 2024

Extremely serious vulnerability on Linux, currently unknown, discovered by EvilSocket

A critical vulnerability affects all GNU/Linux systems and potentially other platforms. With a severity score of 9.9/10 according to the CVSS system, it is a threat that could allow remote attacks without authentication.

In the world of computer security, a new critical vulnerability is shaking the GNU/Linux world. Discovered and reported by Simone Margaritelli, a well-known computer security researcher and creator of numerous tools used in cyber security, this vulnerability is creating a wave of concern among major Linux distributions such as Ubuntu (Canonical) and Red Hat, which have already confirmed the seriousness of the problem. With a score of 9.9/10 on the CVSS severity scale, this is a potential security nightmare for millions of systems worldwide.

Simone Margaritelli, also known as evilsocket in his professional profiles, is one of the most recognized names in the cybersecurity community. His discoveries and the tools he developed have had a profound impact on the world of cybersecurity, and his dedication to disclosing critical vulnerabilities like the one we are talking about here is nothing new. Despite the intention to proceed with a responsible disclosure of the flaw, the resistance encountered by Margaritelli during the process led to a drastic decision: to announce a full disclosure within the next few weeks, even without a patch available.

Key points of the vulnerability

Three weeks ago, Margaritelli discovered an unauthenticated RCE (Remote Code Execution) vulnerability that affects all GNU/Linux systems and, probably, other platforms. An RCE vulnerability allows a remote attacker to execute arbitrary code on a vulnerable system without the need for authentication. This particular vulnerability is extremely dangerous, and the fact that there is still no working fix available makes the situation even worse.

According to the post shared by Margaritelli himself on Twitter, Canonical and Red Hat confirmed the criticality of the vulnerability, which received a score of 9.9 out of 10 on the CVSS scale. This means that this flaw has a devastating impact on security and could lead to widespread exploitation by cyber criminals if not addressed promptly. At the moment, however, no CVE (Common Vulnerabilities and Exposures) identifier has been assigned, although Margaritelli reports that there should be at least 3 or 4 CVEs for different aspects of this vulnerability.

The lack of a working fix or patch has sparked debate within the developer community, with many appearing to downplay the impact of some of the vulnerabilities found. This attitude led Margaritelli to express his frustration on Twitter, stating that his experience in recent weeks has been marked by resistance from developers, who seem unwilling to accept that the code underlying these vulnerabilities is indeed flawed.

Margaritelli said that although he tried to follow the responsible disclosure protocol, working with development teams to identify and resolve issues to protect users, the process has been hampered by uncooperative behavior. Because of this, he has decided to abandon responsible disclosure and proceed with a full disclosure of the vulnerability within the next few weeks.

CVSS 9.9 vulnerability

The vulnerability in question has been assigned a CVSS v3.1 score of 9.9/10, a clear indication of the extreme danger of the problem. The factors that contributed to this score are:

  • Attack Vector (AV): Network (N) — The vulnerability can be exploited remotely over the network, without requiring physical access to the target machine.
  • Attack Complexity (AC): Low (L) — Exploitation of the vulnerability requires few or no special prerequisites, meaning that the attack can be easily performed by anyone with basic knowledge.
  • Privileges Required (PR): None (N) — An attacker does not need to gain administrator or user privileges to exploit the flaw, making the vulnerability even more accessible and dangerous.
  • User Interaction (UI): None (N) — The attack requires no user interaction, which increases the risk of surprise exploitation.
  • Confidentiality (C): Low (L) — The impact on confidentiality is rated lower than the other metrics, but remains significant.
  • Integrity (I): High (H) — The vulnerability could compromise the integrity of the system, allowing unauthorized changes.
  • Availability (A): Low (L) — The vulnerability has a moderate impact on system availability, but under certain conditions could lead to outages or malfunctions.

These combined factors make this one of the most serious vulnerabilities to emerge in recent times in the GNU/Linux world, and the lack of an available fix is a cause for great concern for anyone using Linux systems on a large scale, especially in enterprise and data center settings.

Currently there is no indication whatsoever as to which service may be affected by this vulnerability, but it is reasonable to assume that it may concern a known exposed service such as OpenSSH, or possibly filtering services such as Netfilter. Obviously these are just hypotheses.

Simone Margaritelli's frustration

In his Twitter post, Margaritelli made it clear that he was frustrated with how some developers handled the issue. Although he spent three full weeks of his free time researching and coordinating to resolve the issue, the lack of support and downplaying of risk by some developers pushed him to take a different path.


Simone said he was ignored, and that many developers seemed reluctant to admit that their code might be flawed. This fueled his decision to abandon the idea of responsible disclosure and proceed with a full disclosure of the vulnerability, making the technical details public within the next few weeks.

This decision is extremely significant, as it could speed up the race to implement a fix, but at the same time it will expose millions of Linux systems to the risk of attacks by malicious actors if rapid countermeasures are not taken.

Simone Margaritelli: who he is and why he is important

Simone Margaritelli, known as evilsocket, is a prominent name in the cybersecurity community. Over the course of his career, he has developed numerous tools used by both cybersecurity professionals and researchers around the world.

One of his best-known contributions is the development of Bettercap, an open-source tool designed to conduct Man-in-the-Middle (MITM) attacks and network penetration testing. Bettercap is one of the most versatile network security tools available and is used by thousands of professionals to identify vulnerabilities, intercept network traffic, and conduct in-depth security tests on enterprise systems and local networks.

Bettercap is appreciated for its modularity and flexibility. It allows users to monitor and manipulate traffic in real time, analyze network packets, and even perform complex attacks such as DNS spoofing, content injection into web pages, and many other types of attacks used to test the robustness of a network's defenses.

You can find more details on Bettercap and download the tool by visiting the official website: Bettercap Project.

Margaritelli is also known for developing several other security tools, many of which are collected in his personal blog and GitHub profile, which you can visit here:

Bettercap: An indispensable tool for penetration testing

Bettercap is a tool designed to provide a complete suite of network security tools, which includes the ability to perform MITM attacks, traffic manipulation and real-time network monitoring. Initially created as a modern alternative to tools like Ettercap, Bettercap has quickly grown to become one of the most powerful network security tools available today.

Bettercap's key features include:

  • Modularity: Bettercap supports numerous modules that allow users to perform different types of attacks and analysis, such as HTTP traffic monitoring, content injection, and credential sniffing.
  • Multi-platform support: Bettercap can run on multiple operating systems, including GNU/Linux, Windows, and macOS, making it extremely versatile.
  • Extensibility: Users can write their own modules and scripts to extend the functionality of Bettercap, tailoring it to their specific needs.

One of the reasons why Bettercap is so popular is its simple yet powerful interface, which allows even those with basic network security skills to run complex tests with relative ease. Due to its versatility, Bettercap is used not only in security testing, but also for training security professionals and for educational purposes in universities.

Conclusions

The vulnerability discovered by Simone Margaritelli represents one of the most serious threats to the security of the GNU/Linux landscape in recent times. With a CVSS score of 9.9 out of 10, the vulnerability has a devastating impact on the security of systems, allowing a remote attacker to take control of a machine without the need for authentication or elevated privileges.

Margaritelli, despite his efforts to coordinate with developers and resolve the issue responsibly, faced significant resistance, leading him to decide to proceed with a full disclosure within the next few weeks.

His frustration is understandable: time is of the essence when dealing with vulnerabilities of this magnitude, and every day that passes without a fix increases the risk of a full-scale attack. Users of GNU/Linux systems, especially in enterprise or data center settings, should pay attention to security updates and make sure to take all possible preventative measures while waiting for a patch.

If you want to learn more about Simone Margaritelli's work or use his tools to test the security of your networks, I recommend you visit the following links:

Stay tuned for further developments on this very serious vulnerability, as full disclosure could come very soon, with all the security implications that this entails.
