Code Reuse

From Atomicorp Wiki
Revision as of 18:31, 16 December 2021 by Scott (Talk | contribs)

Rule: 801378
Status: Active
Alert Message: Software vulnerable to code reuse attacks

Summary

The vulnerability scanner has identified that the software in your environment is not adequately hardened and could be easily exploited by a remote attacker.

Description

The weakness detected by the Atomicorp platform confirms that your system is vulnerable to a dangerous category of code reuse attacks. These attacks would allow an attacker to use the code in the software for an unintended purpose and thus take over the system. From there, they could remotely execute code of their choice and cause significant damage. Example attacks could be privilege escalation, traversing to other areas of your environment, direct damage to the system causing downtime or data exfiltration, among others.

Even though the software developer for this system may have good security practices in place, using rigorous code scanning, pen testing and the like, vulnerabilities still exist. Upgrading to the latest security patch does not ensure that your systems are hardened to the fullest extent necessary.

Solution

Atomicorp has partnered with RunSafe Security to harden your system against these types of attacks. RunSafe has built a software transformation engine called Alkemist which immunizes code from these types of vulnerabilities. Alkemist can apply protections directly to your system’s code and thereby render code reuse attacks inert. Our scans indicate that this vulnerable system is an ideal candidate for Alkemist protections and can be easily deployed in place of the current system.

For additional information on RunSafe Alkemist, please visit www.runsafesecurity.com


Supported Platforms:

  • Red Hat 7
  • CentOS 7


To Enable

Step 1) Add RunSafe to your subscription here: https://www.atomicorp.com/amember/cart

Step 2) Select the API key from the email sent to your registered email address

Step 3) In the AWP Console, select Hub Configuration->Runsafe Security Settings

Step 4) Enable the RunSafe module, add your API key, and click Save

Step 5) Log in to the system, and run the following:

sudo /var/awp/bin/runsafe-connector.sh -s premium

Step 6) List available Alkemist updates:

sudo /var/awp/bin/runsafe-connector.sh -l

Step 7) Update the system using yum:

yum update <packagename>

Troubleshooting

False Positives

None.

Tuning Guidance

None.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

None.
