{"id":1270633,"date":"2024-08-07T14:32:07","date_gmt":"2024-08-07T16:32:07","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-nouvelle-technique-dexploitation-du-noyau-linux-slubstick-decouverte-par-des-chercheurs\/"},"modified":"2024-08-07T14:32:11","modified_gmt":"2024-08-07T16:32:11","slug":"une-nouvelle-technique-dexploitation-du-noyau-linux-slubstick-decouverte-par-des-chercheurs","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-nouvelle-technique-dexploitation-du-noyau-linux-slubstick-decouverte-par-des-chercheurs\/","title":{"rendered":"Une nouvelle technique d&#8217;exploitation du noyau Linux \u00ab SLUBStick \u00bb d\u00e9couverte par des chercheurs"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">07 ao\u00fbt 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Linux \/ Vuln\u00e9rabilit\u00e9<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/08\/Une-nouvelle-technique-dexploitation-du-noyau-Linux-SLUBStick.png\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Des chercheurs en cybers\u00e9curit\u00e9 ont mis en lumi\u00e8re une nouvelle technique d&#8217;exploitation du noyau Linux baptis\u00e9e <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/IAIK\/SLUBStick\" target=\"_blank\">B\u00e2ton SLUB<\/a> cela pourrait \u00eatre exploit\u00e9 pour \u00e9lever une vuln\u00e9rabilit\u00e9 de tas limit\u00e9e \u00e0 une primitive de lecture et d&#8217;\u00e9criture de m\u00e9moire arbitraire.<\/p>\n<p>\u00ab Au d\u00e9part, il exploite un canal auxiliaire de synchronisation de l&#8217;allocateur pour effectuer une attaque cross-cache de mani\u00e8re fiable \u00bb, a d\u00e9clar\u00e9 un groupe d&#8217;universitaires de l&#8217;Universit\u00e9 de technologie de Graz. <a rel=\"nofollow noopener\" href=\"https:\/\/www.stefangast.eu\/papers\/slubstick.pdf\" target=\"_blank\">dit<\/a> [PDF]\u00ab Concr\u00e8tement, l\u2019exploitation des fuites par canal auxiliaire pousse le taux de r\u00e9ussite \u00e0 plus de 99 % pour les caches g\u00e9n\u00e9riques fr\u00e9quemment utilis\u00e9s. \u00bb<\/p>\n<p>Les vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 de la m\u00e9moire affectant le noyau Linux ont des capacit\u00e9s limit\u00e9es et sont beaucoup plus difficiles \u00e0 exploiter en raison de fonctionnalit\u00e9s de s\u00e9curit\u00e9 telles que la pr\u00e9vention d&#8217;acc\u00e8s en mode superviseur (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Supervisor_Mode_Access_Prevention\" target=\"_blank\">Carte de la r\u00e9gion de la SMAP<\/a>), Randomisation de la disposition de l&#8217;espace d&#8217;adressage du noyau (<a rel=\"nofollow noopener\" href=\"https:\/\/lwn.net\/Articles\/962782\/\" target=\"_blank\">KASLR<\/a>) et l&#8217;int\u00e9grit\u00e9 du flux de contr\u00f4le du noyau (<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/kcfi\/kcfi\" target=\"_blank\">kCFI<\/a>).<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thehackernews.uk\/ever-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/08\/1722872960_626_Des-organisations-kazakhes-ciblees-par-des-cyberattaques-de-type.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Bien que les attaques logicielles inter-cache aient \u00e9t\u00e9 con\u00e7ues comme un moyen de contrer les strat\u00e9gies de renforcement du noyau telles que la s\u00e9paration grossi\u00e8re des tas, des \u00e9tudes ont montr\u00e9 que les m\u00e9thodes existantes n&#8217;ont qu&#8217;un taux de r\u00e9ussite de 40 %.<\/p>\n<p>SLUBStick a \u00e9t\u00e9 d\u00e9montr\u00e9 sur les versions 5.19 et 6.2 du noyau Linux en utilisant neuf failles de s\u00e9curit\u00e9 (par exemple, double lib\u00e9ration, utilisation apr\u00e8s lib\u00e9ration et \u00e9criture hors limites) d\u00e9couvertes entre 2021 et 2023, conduisant \u00e0 une escalade des privil\u00e8ges vers root sans authentification et \u00e0 des \u00e9chappements de conteneur.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/08\/1723048327_674_Une-nouvelle-technique-dexploitation-du-noyau-Linux-SLUBStick.png\" style=\"display: block; text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/08\/1723048327_674_Une-nouvelle-technique-dexploitation-du-noyau-Linux-SLUBStick.png\" alt=\"\" border=\"0\" data-original-height=\"471\" data-original-width=\"1599\"\/><\/a><\/div>\n<p>L\u2019id\u00e9e principale derri\u00e8re cette approche est d\u2019offrir la possibilit\u00e9 de modifier les donn\u00e9es du noyau et d\u2019obtenir une primitive de lecture et d\u2019\u00e9criture de m\u00e9moire arbitraire d\u2019une mani\u00e8re qui surmonte de mani\u00e8re fiable les d\u00e9fenses existantes comme KASLR.<\/p>\n<p>Cependant, pour que cela fonctionne, le mod\u00e8le de menace suppose la pr\u00e9sence d\u2019une vuln\u00e9rabilit\u00e9 de tas dans le noyau Linux et qu\u2019un utilisateur non privil\u00e9gi\u00e9 dispose de capacit\u00e9s d\u2019ex\u00e9cution de code.<\/p>\n<p>\u00ab SLUBStick exploite les syst\u00e8mes plus r\u00e9cents, notamment les versions 5.19 et 6.2, pour une grande vari\u00e9t\u00e9 de vuln\u00e9rabilit\u00e9s de tas \u00bb, ont d\u00e9clar\u00e9 les chercheurs.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ? Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire davantage de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/08\/new-linux-kernel-exploit-technique.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80207 ao\u00fbt 2024\ue804Ravie LakshmananLinux \/ Vuln\u00e9rabilit\u00e9 Des chercheurs en cybers\u00e9curit\u00e9 ont mis en lumi\u00e8re une nouvelle technique d&#8217;exploitation du noyau Linux baptis\u00e9e B\u00e2ton SLUB cela pourrait \u00eatre exploit\u00e9 pour \u00e9lever une vuln\u00e9rabilit\u00e9 de tas limit\u00e9e \u00e0 une primitive de lecture et d&#8217;\u00e9criture de m\u00e9moire arbitraire. \u00ab Au d\u00e9part, il exploite un canal auxiliaire de synchronisation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1270634,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[238714,200292,238582,238778,12848,4168,4158,4165,8816,133,5858,238584,18088,200271,238334,98340,197,6778,164,238617,4172,4169,246140,8458,196,4166,238583],"class_list":["post-1270633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-des-hackers","tag-actualites-sur-la-cybersecurite","tag-actualites-sur-la-cybersecurite-aujourdhui","tag-actualites-sur-le-piratage-informatique","tag-chercheurs","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-decouverte","tag-des","tag-dexploitation","tag-les-nouvelles-des-hackers","tag-linux","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-cybernetiques","tag-mises-a-jour-de-cybersecurite","tag-nouvelle","tag-noyau","tag-par","tag-securite-de-linformation","tag-securite-informatique","tag-securite-internet","tag-slubstick","tag-technique","tag-une","tag-violation-de-donnees","tag-vulnerabilite-du-logiciel"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1270633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1270633"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1270633\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1270634"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1270633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1270633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1270633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}