Slashdot: New Moderate Linux Flaw Allows Password Hash Theft Via Core Dumps in Ubuntu, RHEL, Fedora

Source URL: https://it.slashdot.org/story/25/06/02/0140228/new-moderate-linux-flaw-allows-password-hash-theft-via-core-dumps-in-ubuntu-rhel-fedora?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

Summary: The report discusses two vulnerabilities (CVE-2025-5054 and CVE-2025-4598) in Linux core dump handlers such as Apport and systemd-coredump, which may allow local attackers to access sensitive information. This highlights critical security implications for systems administrators and security professionals monitoring Linux environments.

Detailed Description:
The vulnerabilities, identified by the Qualys Threat Research Unit (TRU) in the Apport and systemd-coredump crash handlers, pose significant security risks in Linux environments. Both flaws are race conditions that enable local attackers to exploit SUID programs to access sensitive data from core dumps.

Key Points:
– **Identified Vulnerabilities**:
  – CVE-2025-5054 and CVE-2025-4598
  – Nature: Race condition bugs present in core dump handlers of Ubuntu, Red Hat Enterprise Linux, and Fedora.

– **Affected Components**:
  – Apport: A tool for crash reporting in Linux.
  – systemd-coredump: Collects and saves core dumps containing information from crashed processes.

– **Attack Vector**:
  – Local attackers can exploit these vulnerabilities to read sensitive data, including password hashes from the /etc/shadow file, by using the core dump of a crashed process.
  – An attacker must have an unprivileged local account and be able to induce a race condition.

– **Response and Mitigation**:
  – Severity rated as Moderate for CVE-2025-4598 due to the complex nature of the exploit.
  – Qualys developed proof-of-concept code demonstrating the exploitation scenario.
  – Canonical has rolled out updates for the apport package for all affected Ubuntu releases and recommends upgrading immediately.

– **Automated Updates**:
  – Ubuntu’s unattended-upgrades feature applies new security updates automatically within 24 hours.

– **Further Advisories**:
  – Advisories have been issued by Gentoo, Amazon Linux, and Debian. Debian notes that its systems are not vulnerable by default unless the corresponding core dump handler is installed.

This report is particularly relevant for security professionals focused on information security and Linux system security, as it underscores the necessity for timely updates, continuous monitoring for vulnerabilities, and understanding the implications of race conditions in security-sensitive applications.
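
Whether a host is in scope depends on which core dump handler the kernel is configured to call, as the Debian note above points out. The script below is an added example, not code from the article or from Qualys: it classifies a `core_pattern` value and combines it with the `fs.suid_dumpable` sysctl (not mentioned in the article) to report whether Apport or systemd-coredump would receive core dumps of SUID programs. The function names are hypothetical, the sample patterns are constructed, and the script does not check whether the handler package is already patched.

```shell
#!/bin/sh
# Added example: which core dump handler is registered, and do SUID crashes reach it?

# Classify the contents of /proc/sys/kernel/core_pattern.
classify_core_pattern() {
    case "$1" in
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*apport*)           echo apport ;;
        "|"*)                  echo other-pipe-handler ;;
        "")                    echo disabled ;;
        *)                     echo plain-file ;;
    esac
}

# $1 = core_pattern, $2 = fs.suid_dumpable (0 means SUID processes never dump core).
# Prints "in-scope" when one of the two handlers named in the advisories would
# be handed core dumps of SUID programs, otherwise "out-of-scope".
suid_dump_scope() {
    handler=$(classify_core_pattern "$1")
    case "$handler" in
        apport|systemd-coredump)
            if [ "$2" = "0" ]; then echo out-of-scope; else echo in-scope; fi ;;
        *)  echo out-of-scope ;;
    esac
}

# Read the live values on a Linux host.
check_live() {
    pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || true)
    suid=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo 0)
    echo "handler=$(classify_core_pattern "$pattern") suid_dumpable=$suid" \
         "scope=$(suid_dump_scope "$pattern" "$suid")"
}

# Constructed sample core_pattern values so the script runs on any machine.
for sample in \
    '|/usr/share/apport/apport -p%p -s%s -c%c -- %E' \
    '|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h' \
    'core'
do
    echo "$sample -> $(suid_dump_scope "$sample" 2)"
done

# Pass "live" as the first argument to inspect the current host instead.
if [ "${1:-}" = "live" ]; then check_live; fi
```

An "in-scope" result means the handler package version should be compared against the distribution's advisory.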