
Top Vulnerabilities Exploited to Hack Linux Systems
Linux-based systems are exposed directly to the internet, so attackers can easily target them to install malicious web shells, ransomware, Trojans, and the like. The U.S.-Japanese firm Trend Micro published a detailed analysis of the Linux threat landscape, highlighting the challenges and vulnerabilities that affected the OS in the first half of the year. The firm used data gathered from honeypots, sensors, and anonymized telemetry.
According to the company, which identified around 15 million malware events targeting Linux-based cloud environments, coin miners and ransomware make up 54% of all malware, and web shells account for 29%.
Moreover, researchers analyzed more than 50 million events from 100,000 unique Linux hosts and found 15 different vulnerabilities that have been exploited in the wild:
- CVE-2017-5638 (CVSS score: 10.0) – Apache Struts 2 remote code execution (RCE) vulnerability
- CVE-2017-9805 (CVSS score: 8.1) – Apache Struts 2 REST plugin XStream RCE vulnerability
- CVE-2018-7600 (CVSS score: 9.8) – Drupal Core RCE vulnerability
- CVE-2020-14750 (CVSS score: 9.8) – Oracle WebLogic Server RCE vulnerability
- CVE-2020-25213 (CVSS score: 10.0) – WordPress File Manager (wp-file-manager) plugin RCE vulnerability
- CVE-2020-17496 (CVSS score: 9.8) – vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability
- CVE-2020-11651 (CVSS score: 9.8) – SaltStack Salt authorization weakness vulnerability
- CVE-2017-12611 (CVSS score: 9.8) – Apache Struts OGNL expression RCE vulnerability
- CVE-2017-7657 (CVSS score: 9.8) – Eclipse Jetty chunk length parsing integer overflow vulnerability
- CVE-2021-29441 (CVSS score: 9.8) – Alibaba Nacos AuthFilter authentication bypass vulnerability
- CVE-2020-14179 (CVSS score: 5.3) – Atlassian Jira information disclosure vulnerability
- CVE-2013-4547 (CVSS score: 8.0) – Nginx crafted URI string handling access restriction bypass vulnerability
- CVE-2019-0230 (CVSS score: 9.8) – Apache Struts 2 RCE vulnerability
- CVE-2018-11776 (CVSS score: 8.1) – Apache Struts OGNL expression RCE vulnerability
- CVE-2020-7961 (CVSS score: 9.8) – Liferay Portal untrusted deserialization vulnerability
More troubling still, 15 commonly used Docker images on the official Docker Hub repository were observed to carry vulnerabilities: python, node, wordpress, golang, nginx, postgres, influxdb, httpd, mysql, debian, memcached, redis, mongo, centos, and rabbitmq. This highlights the dire need to secure containers against threats during the development phases.
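One way to act on this during development, as an added example that is not from Trend Micro's report: a check that reads a Dockerfile's FROM lines, finds base images from the 15 named above, and reports whether each is pinned by digest, so those build stages can be routed to an image scanner. The function names and the sample Dockerfile are constructed for illustration.

```python
import re

# The 15 official Docker Hub images named in the article.
FLAGGED = set("python node wordpress golang nginx postgres influxdb httpd "
              "mysql debian memcached redis mongo centos rabbitmq".split())
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
HUB_PREFIX = re.compile(r"^(?:(?:index\.)?docker\.io/)?(?:library/)?")

def classify(ref):
    """Return (image, pin_status) for a flagged official image, else None."""
    repo, _, digest = ref.partition("@")
    tag = repo.rsplit("/", 1)[-1].partition(":")[2]  # a tag sits after the last "/"
    repo = repo[: -len(tag) - 1] if tag else repo
    repo = HUB_PREFIX.sub("", repo.lower(), count=1)
    if repo not in FLAGGED:  # third-party repos and other registries keep a "/"
        return None
    if digest.startswith("sha256:"):
        # Pinning does not remove vulnerabilities; it fixes which image gets scanned.
        return repo, "digest-pinned"
    return repo, "mutable-tag" if tag not in ("", "latest") else "latest"

def audit_dockerfile(text):
    """Return [(line_no, image_or_ref, status)] for base images worth scanning."""
    findings, stages = [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        if "$" in ref:  # ARG-substituted base image: cannot be judged statically
            findings.append((line_no, ref, "unresolved-arg"))
        elif ref.lower() not in stages and (hit := classify(ref)):
            findings.append((line_no, hit[0], hit[1]))
        if alias:  # later "FROM <alias>" lines reuse this stage, not a Hub image
            stages.add(alias.lower())
    return findings

# Constructed sample Dockerfile (not from the report); the digest is a dummy value.
SAMPLE = f"""ARG BASE=debian:bullseye
FROM golang:1.16 AS build
RUN go build -o /app .
FROM build AS test
FROM docker.io/library/nginx@sha256:{'0' * 64}
FROM bitnami/redis:6.2
FROM --platform=linux/amd64 redis
FROM $BASE"""

if __name__ == "__main__":
    print(*audit_dockerfile(SAMPLE), sep="\n")
```
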
The researchers therefore concluded that users and organizations running this OS should always follow security best practices. This should involve using the security-by-design approach, deploying virtual patching or vulnerability shielding, applying the principle of least privilege, and adhering to the shared responsibility model.