Host Security - Aqua
https://www.aquasec.com/tag/host-security/
Cloud Native Security, Container Security & Serverless Security
Thu, 11 Jul 2024 12:08:03 +0000

Hunting Rootkits with eBPF: Detecting Linux Syscall Hooking Using Tracee
https://www.aquasec.com/blog/linux-syscall-hooking-using-tracee/
Thu, 21 Apr 2022 09:30:00 +0000
Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes. Tracee is an open source runtime security and forensics tool for Linux that is powered by eBPF and is more …

CVE-2021-3156 sudo Vulnerability Allows Root Privileges
https://www.aquasec.com/blog/cve-2021-3156-sudo-vulnerability-allows-root-privileges/
Mon, 01 Feb 2021 11:15:00 +0000
A new severe vulnerability was found in Unix and Linux operating systems that allows an unprivileged user to exploit this vulnerability using sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file. In this blog, I’ll go over how this CVE can be exploited, what …

CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions
https://www.aquasec.com/blog/cve-2019-14287-sudo-linux-vulnerability/
Thu, 17 Oct 2019 12:13:23 +0000
A new vulnerability was discovered earlier this week in the sudo package. Sudo is one of the most powerful and commonly used utilities installed on almost every UNIX and Linux-based operating system. The sudo vulnerability CVE-2019-14287 is a security policy bypass issue that provides a user or a program the ability to execute commands as …

Mitigating High Severity RunC Vulnerability (CVE-2019-5736)
https://www.aquasec.com/blog/runc-vulnerability-cve-2019-5736/
Tue, 12 Feb 2019 10:53:53 +0000
Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being exploited by applying the appropriate runtime policies. What is the vulnerability …

Preventing Container Breakouts with Dynamic System Call Profiling
https://www.aquasec.com/blog/aqua-3-2-preventing-container-breakouts-with-dynamic-system-call-profiling/
Thu, 02 Aug 2018 09:25:41 +0000
Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that “a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor.” This challenge of a “well crafted seccomp profile” is exactly what we’ve addressed with the …

Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253
https://www.aquasec.com/blog/bugs-gone-wild-container-stack-clash-and-cve-2017-1000253/
Fri, 03 Nov 2017 18:18:42 +0000
A Stack Clash is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code. Bugs Gone Wild Zero-Days are simply bugs gone wild. If a bug is not considered to be a security …

Dirty COW Vulnerability: Impact on Containers
https://www.aquasec.com/blog/dirty-cow-vulnerability-impact-on-containers/
Tue, 01 Nov 2016 13:55:38 +0000
There has been plenty of buzz lately regarding an old-new privilege escalation vulnerability, adorably named “Dirty COW” after the Copy-On-Write memory protection in the Linux kernel. The whole thing started roughly eleven years ago, when a kernel developer left a race condition issue open: “This is an ancient bug that was actually attempted to be …