From: VRSS
To: All
Subject: New Moderate Linux Flaw Allows Password Hash Theft Via Core Dump
Date/Time: June 1, 2025 11:40 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: New Moderate Linux Flaw Allows Password Hash Theft Via Core Dumps in
Ubuntu, RHEL, Fedora

Link: https://it.slashdot.org/story/25/06/02/014022...

An anonymous reader shared this report from The Hacker News: Two information
disclosure flaws have been identified in apport and systemd-coredump, the
core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according
to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and
CVE-2025-4598, both vulnerabilities are race condition bugs that could enable
a local attacker to obtain access to sensitive information. Tools like Apport
and systemd-coredump are designed to handle crash reporting and core dumps in
Linux systems. "These race conditions allow a local attacker to exploit a
SUID program and gain read access to the resulting core dump," Saeed Abbasi,
manager of product at Qualys TRU, said... Red Hat said CVE-2025-4598 has been
rated Moderate in severity owing to the high complexity in pulling an exploit
for the vulnerability, noting that the attacker has to first win the race
condition and be in possession of an unprivileged local account... Qualys has
also developed proof-of-concept code for both vulnerabilities, demonstrating
how a local attacker can exploit the coredump of a crashed unix_chkpwd
process, which is used to verify the validity of a user's password, to obtain
password hashes from the /etc/shadow file.

Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article
points out. (Though "It's worth noting that Debian systems aren't susceptible
to CVE-2025-4598 by default, since they don't include any core dump handler
unless the systemd-coredump package is manually installed.")

Canonical software security engineer Octavio Galland explains the issue on
Canonical's blog. "If a local attacker manages to induce a crash in a
privileged process and quickly replaces it with another one with the same
process ID that resides inside a mount and pid namespace, apport will attempt
to forward the core dump (which might contain sensitive information belonging
to the original, privileged process) into the namespace... In order to
successfully carry out the exploit, an attacker must have permissions to
create user, mount and pid namespaces with full capabilities." Canonical's
security team has released updates for the apport package for all affected
Ubuntu releases... We recommend you upgrade all packages... The
unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS
onwards. This service:
- Applies new security updates every 24 hours automatically.
- If you have this enabled, the patches above will be automatically applied
  within 24 hours of being available.
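A defender-side audit script, added here and not part of the story or of the Qualys or Canonical material: both flaws only matter if the kernel hands core dumps of privilege-changed (SUID) processes to a userspace handler, so the script classifies the handler named in the kernel's core_pattern and combines it with the fs.suid_dumpable setting (two real kernel interfaces the article does not mention; 0 = never dump such processes, 1 = dump everything, 2 = "suidsafe") into a one-line verdict. The sample core_pattern strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: report whether SUID/privilege-changed process cores can
# reach a core dump handler such as apport or systemd-coredump on this host.
# Real kernel interfaces used: /proc/sys/fs/suid_dumpable and
# /proc/sys/kernel/core_pattern (a leading '|' pipes the dump to a program).

# Name the handler configured in a core_pattern string, e.g. (constructed)
#   "|/usr/share/apport/apport -p%p -s%s -c%c -- %E"        -> apport
#   "|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c"  -> systemd-coredump
#   "core.%p"                                               -> file
classify_core_pattern() {
    case "$1" in
        '|'*apport*)           echo apport ;;
        '|'*systemd-coredump*) echo systemd-coredump ;;
        '|'*)                  echo other-pipe-handler ;;
        '')                    echo none ;;
        *)                     echo file ;;
    esac
}

# Combine the suid_dumpable value and handler name into a verdict string.
suid_core_exposure() {
    dumpable=$1 handler=$2
    case "$dumpable" in
        0) echo "suid-cores-disabled" ;;
        1|2)
            case "$handler" in
                apport|systemd-coredump|other-pipe-handler)
                    echo "suid-cores-piped-to-$handler" ;;
                file) echo "suid-cores-written-to-disk" ;;
                none) echo "suid-cores-dropped" ;;
            esac ;;
        *) echo "unknown-suid_dumpable-$dumpable" ;;
    esac
}

# Read the live kernel settings and print the verdict for this host.
audit_host() {
    d=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)
    p=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo '')
    h=$(classify_core_pattern "$p")
    printf 'fs.suid_dumpable=%s core_pattern handler=%s -> %s\n' \
        "$d" "$h" "$(suid_core_exposure "$d" "$h")"
}

audit_host
```

A verdict of suid-cores-piped-to-apport or suid-cores-piped-to-systemd-coredump means the handler version matters and the vendor updates above apply; suid-cores-disabled means such dumps never reach a handler in the first place.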

Read more of this story at Slashdot.
