Code Reuse
Rule 801378 | |
---|---|
Status | Active |
Alert Message | Software vulnerable to code reuse attacks |
Contents |
[edit] Summary
The vulnerability scanner has identified that the software in your environment is not adequately hardened and could be easily exploited by a remote attacker.
[edit] Description
The weakness that the Atomicorp platform has detected confirms that your system is vulnerable to a dangerous category of code reuse attacks. These attacks would allow an attacker to use the code in the software for an unintended purpose and thus take over the system. From there, they could remotely execute the code of their choice and cause significant damage. Example attacks could be privilege escalation, traversing to other areas of your environment, direct damage to the system causing downtime or data exfiltration...among others.
Even though the software developer for this system may have good security practices in place, using rigorous code scanning, pen testing and the like, vulnerabilities still exist. Upgrading to the latest security patch does not ensure that your systems are hardened to the fullest extent necessary.
[edit] Solution
Atomicorp has partnered with RunSafe Security to harden your system from these types of attacks. RunSafe has built a software transformation engine called Alkemist which immunizes code from these types of vulnerabilities. Alkemist can apply protections directly to your system’s code and thereby render code reuse attacks inert. Our scans indicate that this vulnerable system is an ideal candidate for Alkemist protections and can be easily deployed in place of the current system.
For additional information on RunSafe Alkemist, please visit www.runsafesecurity.com
Supported Platforms :
- Redhat 7
- Centos 7
To Enable
Step 1) Add Runsafe to your subscription here https://www.atomicorp.com/amember/cart
Step 2) Select the API key from the email sent to your registered email address
Step 3) In the AWP Console, select Hub Configuration->Runsafe Security Settings
Step 4) Enable the runsafe module, add your API key, and Click Save
Step 5) Log in to the system, and run the following:
sudo /var/awp/bin/runsafe-connector.sh -s premium
Step 6) List available Alkemist updates:
sudo /var/awp/bin/runsafe-connector.sh -l
Step 7) Update the system using yum:
yum update <packagename>
[edit] Troubleshooting
[edit] False Positives
None.
[edit] Tuning Guidance
None.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
[edit] Notes
None.