Back to work, Linux admins: You may have a CVSS 10 kernel bug to address
2022-12-24 10:00

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season, one that gives an unauthenticated user remote code execution.

Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered by the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.

For those using ksmbd, there is a solution other than switching to Samba: Updating to Linux kernel version 5.15.61, released in August, or a newer version.

Lots of ready-made kit for would-be hackers can be found on the dark web; one trend recently noticed by the team at Cybersixgill has been gift card generators that not only guess card numbers, but also check their validity by the thousands.

Like brute force password crackers, the tools being sold online randomly guess the digits of gift cards issued by companies like Amazon, Microsoft, Sony, Apple and others, with varying degrees of speed and accuracy based on how predictable a card's number sequence is.

Adi Bleih and Dov Lerner from Cybersixgill told The Register that using software of the kind being sold on the dark web to generate, guess and verify gift card numbers is easy enough that "a kid with Tor could do it."

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/24/back_to_work_linux_admins/

Related vendor

VENDOR  LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Linux             18          378  1439    1135  696       3648
Kernel            4           2    8       5     0         15