Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Russian OS. Show all posts

Inherent Vulnerability in Linux Puts Russian OS at Risk

 

The vulnerability found in all distributions of the Linux operating system also puts at risk Russian OS based on it, which are used in banks, enterprises, and government agencies. Developers of Russian OS on Linux have already begun to publish updates that close the security gap. But the problem may not be an isolated one, since few people have been engaged in comprehensive research of the Linux source code. 
The vulnerability, called PwnKit, was discovered by the American company Qualys. Experts pointed out that the breach allows attackers to easily obtain administrator rights. The vulnerability is present in the pkexec component. The researchers claim that the vulnerability is installed by default on all Linux distributions and has existed in the pkexec component (graphical interface) since its creation, that is, almost 13 years. 

Kaspersky Lab researcher Boris Larin confirmed that the vulnerability also affected some Russian Linux distributions. The Russian developer RED SOFT, which produces the Russian Red OS based on Linux, acknowledged that the system uses a potentially unsafe module, but noted that the company regularly tests the system and has already released an update. 

It should be noted that administrator rights give unlimited opportunities to attackers, and most likely, within a year, this vulnerability will become the main tool for attacking devices running Linux. "Banks, industrial enterprises, and the public sector can be targeted," said Alexey Malynev, head of the Jet Infosystem Incident Monitoring and Response Center. 

Exploits that allow exploiting the vulnerability appeared a few hours after the information about the problem appeared. Developers have already started releasing security updates to close the gap. 

The revealed vulnerability demonstrates one of the important shortcomings of open source systems. "It seems that it is available, and everyone can check it, but in fact, few people do it, so no one has noticed the vulnerability for years," noted Pavel Korostelev, head of the Security Code product promotion department. 

Dmitry Derzhavin, head of CPI development, emphasizes that modern operating systems are millions of lines of code. "It so happened that no one has looked into this particular line until now, and there is no excuse for this oversight."