Chinese hackers have unleashed a never-before-seen Linux backdoor

L4sBot@lemmy.world · 10 months ago

Chinese hackers have unleashed a never-before-seen Linux backdoor

MonkderZweite@feddit.ch · edit-2 10 months ago

Ok, but what does it attack? Systemd, udev, fuse, …?

Destide@feddit.uk · 10 months ago

link to another article with the cve’s: https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html

Zeth0s@lemmy.world · 10 months ago

So it’s not general to every linux distro, is it?

Destide@feddit.uk · 10 months ago

I could be wrong but this is a quick summary as I would look at it. As the Sysop for a small company running linux

Fortinet FortiOS, FortiProxy, and FortiSwitchManager:
    Type: Authentication bypass vulnerability
    Impact: If you're using any of these Fortinet products, an attacker could bypass authentication mechanisms and potentially access or control the system.
    Affect on Linux users: Only those Linux users who have these Fortinet products in their environments would be affected.

CVE-2022-39952:
    Product: Fortinet FortiNAC
    Type: Unauthenticated remote code execution (RCE)
    Impact: Attackers can remotely execute code without authentication.
    Affect on Linux users: Relevant for Linux users/administrators who use Fortinet FortiNAC in their network.

CVE-2021-22205:
    Product: GitLab CE/EE
    Type: Unauthenticated RCE
    Impact: An attacker could remotely execute code without authentication on GitLab instances.
    Affect on Linux users: This would affect Linux users who host or interact with GitLab CE/EE instances.

CVE-2019-18935:
    Product: Progress Telerik UI for ASP.NET AJAX
    Type: Unauthenticated RCE
    Impact: Allows remote code execution on affected servers using this UI component.
    Affect on Linux users: Most Linux users would not be impacted unless they host ASP.NET applications using this specific UI component.

CVE-2019-9670 / CVE-2019-9621:
    Product: Zimbra Collaboration Suite
    Type: Bundle of two vulnerabilities for unauthenticated RCE
    Impact: Attackers can remotely execute code without authentication on systems using Zimbra.
    Affect on Linux users: Linux users who use or host the Zimbra Collaboration Suite would be affected.

ProxyShell (CVE-2021-34473, CVE-2021-34523v, CVE-2021-31207):
    Product: Microsoft Exchange
    Type: Set of three chained vulnerabilities for unauthenticated RCE
    Impact: Attackers can exploit these vulnerabilities in sequence to remotely execute code on Exchange servers.
    Affect on Linux users: This primarily impacts organizations that run Microsoft Exchange servers. Directly, Linux users wouldn't be affected unless they interact with or administer these servers.

Zeth0s@lemmy.world · 10 months ago

Thanks, my understanding as well. A clickbait title…

MonkderZweite@feddit.ch · 10 months ago

Thanks!

jcg@halubilo.social · 10 months ago

deleted by creator