{"id":3656,"date":"2024-05-20T14:31:25","date_gmt":"2024-05-20T19:31:25","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms"},"modified":"2024-05-20T14:31:25","modified_gmt":"2024-05-20T19:31:25","slug":"critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/20\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms\/","title":{"rendered":"Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms.<\/span><\/p>\n

The service, Fluent Bit, is an open source tool for collecting, processing, and forwarding logs and other types of application data. It’s one of the more popular pieces of software out there, with more than <\/span>3 billion downloads<\/a><\/span> as of 2022, and a new 10 million or so deployments with each passing day. It’s used by major organizations such as VMware, Cisco, Adobe, Walmart, and LinkedIn, and nearly every major cloud service provider, including AWS, Microsoft, and Google Cloud.<\/span><\/p>\n

The issue with Fluent Bit, dubbed “Linguistic Lumberjack” in <\/span>a new report from Tenable<\/a><\/span>, lies in how the service’s embedded HTTP server parses trace requests. Manipulated in one way or another, it can cause denial of service (DoS), data leakage, or remote code execution (RCE) in a cloud environment.<\/span><\/p>\n

“Everyone gets hyped about a <\/span>vulnerability in Azure, AWS, GCP,<\/a><\/span> but nobody’s really looking at the technologies that make up all of these major cloud services \u2014 common, core pieces of software that now affect every major cloud provider,” says Jimi Sebree, senior staff research engineer with Tenable. “You need to be looking for application security bombs and like components of the services, not just the services themselves.”<\/span><\/p>\n

The Linguistic Lumberjack Effect<\/h2>\n

Tenable researchers initially were looking into an entirely separate security issue in an undisclosed cloud service when they realized something unexpected was going on. From where they were sitting, it seemed they were able to access a wide range of the cloud service provider’s (CSP) own internal metrics and logging endpoints. Among these were instances of Fluent Bit.<\/span><\/p>\n

This <\/span>cross-tenant<\/a><\/span> data leakage came from endpoints in Fluent Bit’s monitoring application programming interface (API), designed to allow users to query and monitor its internal data. After some testing, though, a bit of leaky data turned out to be only the introduction to a deeper problem.<\/span><\/p>\n

For a particular endpoint \u2014 \/api\/v1\/traces \u2014 the types of data passed as input names were not properly validated prior to being parsed by the program. So by passing non-string values, an attacker could cause all kinds of memory corruption issues in Fluent Bit. The researchers tried out a variety of positive and negative integer values, in particular, to successfully cause errors for which the service would crash and leak potentially sensitive data.<\/span><\/p>\n

Attackers could also potentially use this same trick to gain RCE capabilities in a targeted environment. However, Tenable noted, developing such an exploit would require a good deal of effort, being customized to the target’s particular operating system and architecture.<\/span><\/p>\n

What to Do About It<\/h2>\n

The bug exists in Fluent Bit versions 2.0.7 through 3.0.3. It’s being tracked under CVE-2024-4323, and <\/span>various sites have assigned<\/a><\/span> it “critical” CVSS scores of over 9.5 out of 10. After it was reported on April 30, Fluent Bit’s maintainers <\/span>updated the service<\/a><\/span> to properly validate data types in that problematic endpoint’s input field. The fix was applied to the project’s main branch on GitHub on May 15.<\/span><\/p>\n

Organizations with Fluent Bit deployed in their own infrastructure and environments are advised to update as soon as possible. Alternatively, Tenable suggests, administrators can review any configurations relevant to Fluent Bit’s monitoring API to ensure that only authorized users and services can query it \u2014 or even no users or services at all.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Researchers have discovered a severe memory corruption vulnerability inside of<\/p>\n","protected":false},"author":12,"featured_media":3657,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3656","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=1800%2C1200&ssl=1",1800,1200,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=1536%2C1024&ssl=1",1536,1024,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=1800%2C1200&ssl=1",1800,1200,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/critical-bug-allows-dos-rce-data-leaks-in-all-major-cloud-platforms.jpg?fit=1800%2C1200&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3656"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3656\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3657"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}