Ubuntu Linux has bugs too: cyber security researchers recently discovered a bug in the Apport crash handling software that ships as a standard component of Ubuntu Linux releases. A cyber criminal can exploit this vulnerability by injecting malicious code and deceiving Linux into opening the malicious file.
Where is the vulnerability?
The Apport crash handling software is the standard crash reporting tool provided with all recent releases of Ubuntu Linux. Exploiting a bug in this tool is by itself ingenious. Cyber criminals can create crash files that contain malicious code written in Python. When the tool parses such a crash file, the Python code gets executed, and with it the malware.
The malicious code fools Ubuntu into executing it because it looks like simple, authentic code. Remote access tools, or RATs, are commonly used by hackers to perform surreptitious activities on remotely accessed computers and devices. Many RATs are highly advanced and have gone undetected for very long periods of time. Cybercriminals have been stealing data from such “hacked” devices and have also used such devices as part of bot networks. Using RATs is a pretty common way of executing malicious code by accessing devices remotely.
This remote code execution bug was reported by Donncha O’Cearbhaill, a security researcher, who stated: “The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary.” He added: “If { is found, Apport calls Python’s eval() method with the value of CrashDB field. The passed data is executed as a Python expression, leading to Python code execution.”
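The pattern described in the quote, next to a hardened parser, as an added example that is not Apport's code or its actual fix. The function names, the fallback for non-dictionary values and the sample field values are assumptions constructed for illustration.

```python
import ast

# Constructed CrashDB field values (not taken from any real crash file).
BENIGN = "{'impl': 'memory', 'crash_config': '/tmp/x'}"
# A harmless call expression stands in for code smuggled into the field.
WITH_CALL = "{'impl': 'memory', 'probe': len('abc')}"


def load_crashdb_unsafe(field):
    """Pattern from the quote: check for a '{' prefix, then eval()."""
    if field.startswith("{"):
        return eval(field)  # evaluates any Python expression in the field
    return {"name": field}  # assumption: other values are treated as a name


def load_crashdb_safe(field):
    """Accept only a literal dict of strings; never evaluate expressions."""
    if not field.startswith("{"):
        return {"name": field}
    try:
        # literal_eval accepts literals only: no calls, names or attributes.
        value = ast.literal_eval(field)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("CrashDB field is not a plain literal") from exc
    if not isinstance(value, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in value.items()
    ):
        raise ValueError("CrashDB field must be a dict of strings")
    return value


def is_rejected(field):
    """True when the hardened parser refuses the field."""
    try:
        load_crashdb_safe(field)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(load_crashdb_unsafe(WITH_CALL))  # the call inside the field was run
    print(load_crashdb_safe(BENIGN))       # the plain literal is accepted
    print(is_rejected(WITH_CALL))          # the call expression is refused
```

The prefix check only tests the first character, so it says nothing about what follows it; the hardened version makes the parser itself incapable of running code.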
O’Cearbhaill reports that the vulnerability exists in all default installations of Ubuntu 12.10 and later.
However, Ubuntu Linux users need not worry, as the vulnerability has been addressed in an update that fixes this bug. As an Ubuntu Linux user, all you have to do is ensure that regular updates are applied. Further, a patch management system along with a robust antivirus for Linux would ensure the security of the system from hackers with malicious intent.