Gaining Root Access: Exploiting Linux Using a New Heap Overflow Vulnerability
Organizations operating a heterogeneous environment realize the value of using Linux systems to provide specific services critical to the business. However, these systems are just as much under attack as their Windows counterparts, so it is equally important to understand how they are being compromised and to ensure they receive security updates.
In the last year, we’ve seen attacks on Linux systems grow in number. The latest in 2021, dubbed ‘Baron Samedit’, allows attackers to leverage several vulnerable versions of the admin command Sudo to elevate themselves from a normal user to one with root access to the Linux system.
In this webinar, Microsoft MVP and cybersecurity expert Nick Cavalancia explores this topic by covering:
- Just how problematic are attacks on Linux
- Some of the tactics and techniques used by attackers when Linux is the target
- Mapping these attacks to the MITRE Framework
In addition, our own Director of Cyber Threat Research, Kev Breen, discusses the new Baron Samedit heap overflow vulnerability in Linux discovered by Qualys, and takes a look at this attack from two perspectives:
- Running the exploit, including uploading, compiling, and executing the exploit to gain access
- Planning a defense that includes shipping audit logs, identifying the compromise, and responding to the attack