New Vulnerability in Slackware Linux Software Exposed – Protect Your System with VPNOverview.com


Cybersecurity Shatters Records in 2021: Slackware Linux Vulnerability Based on SSRF Flaws

As we enter the second half of the year, the world of cybersecurity is facing a turbulent period with record-breaking numbers of software vulnerabilities being exploited. On top of that, the ongoing tensions between Washington and Beijing have prompted the return of APT and ransomware attacks after a brief hibernation.

Vulnerability Alert: Legendary Operating System at Risk

The latest security update from Slackware Linux, one of the oldest Linux distributions, has raised the alarm about potential exploitation. The update addresses multiple vulnerabilities, one of which is classified as high-risk.

Among these vulnerabilities are remote code execution and code injection flaws, which commonly affect well-known companies. What is particularly concerning, however, is the emergence of Server-Side Request Forgery (SSRF) vulnerabilities, which is exactly the case with Slackware Linux.

The Legacy of Slackware Linux

Dating back to 1993, Slackware Linux has cemented itself as the oldest distribution of Linux that is still supported. Created by Patrick Volkerding, it is known for its similarities with Unix and was the first Linux distribution to offer more than just basic utilities and a kernel.

Today, Slackware remains a powerful and highly secure option, but it is also notorious for being harder to master than other distributions.

The Vulnerability Disclosed

The vulnerability (CVE-2021-40438) was revealed on September 16th, 2021 through the Slackware Security web portal. It allows remote attackers to perform SSRF attacks by exploiting insufficient validation of user-supplied input within the mod_proxy module of the Apache HTTP Server.

By sending a specially crafted HTTP request, an attacker can manipulate the vulnerable system into initiating requests to arbitrary systems, potentially gaining access to sensitive data or sending malicious requests.

A Warning for Slackware Linux Users

If you are a user of Slackware Linux, it is important to update your system as soon as possible. The vulnerable software versions include 14.0, 14.1, and 14.2. Fortunately, a fix has been released and is available for multiple versions. As stated by the official security report, “New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.”

About the Author – Mirza Silajdzic

Mirza Silajdzic is a senior news journalist and a proficient tech and cybersecurity expert. With a degree in Global Communications, he brings extensive knowledge and meticulous writing skills to the table. His areas of expertise include emerging technologies like generative AI and quantum computing, as well as vital topics such as malware, scams, and cybersecurity awareness.

His articles have been published on prestigious platforms like Heimdal Security and the official EU portal. He is also highly engaged with other experts in the field, constantly enriching his research and staying up-to-date with the latest developments in cybersecurity and privacy.

Source: https://news.google.com/rss/articles/CBMiRGh0dHBzOi8vdnBub3ZlcnZpZXcuY29tL25ld3Mvc2xhY2t3YXJlLWxpbnV4LXNvZnR3YXJlLXZ1bG5lcmFiaWxpdHkv0gEA?oc=5
