A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants.
Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS, embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
As of March 2024, Fluent Bit had been downloaded and deployed over 13 billion times, a massive increase from the three billion downloads reported in October 2022.
Fluent Bit is also used by cybersecurity companies like Crowdstrike and Trend Micro, and by many tech companies, such as Cisco, VMware, Intel, Adobe, and Dell.
Tracked as CVE-2024-4323 and dubbed Linguistic Lumberjack by the Tenable security researchers who discovered it, this critical memory corruption vulnerability was introduced with version 2.0.7 and is caused by a heap buffer overflow weakness in the parsing of trace requests by Fluent Bit's embedded HTTP server.
Even though unauthenticated attackers can easily exploit the security flaw to trigger a denial of service or to capture sensitive information remotely, they could also use it to gain remote code execution given the right conditions and enough time to create a reliable exploit.
“While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive,” Tenable said.
“The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished.”
Patches shipping with Fluent Bit 3.0.4
Tenable reported the security bug to the vendor on April 30, and fixes were committed to Fluent Bit's main branch on May 15. Official releases containing this patch are expected to ship with Fluent Bit 3.0.4 (Linux packages are available here).
Tenable also notified Microsoft, Amazon, and Google of this critical security bug on May 15 through their vulnerability disclosure platforms.
Until fixes are available for all impacted platforms, customers who have deployed this logging utility on their own infrastructure can mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services.
You can also disable this vulnerable API endpoint if it isn't being used, which blocks any potential attacks and removes the attack surface entirely.
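The two mitigations above map directly onto Fluent Bit's [SERVICE] settings. The following is an added illustration, not configuration from the article or from the Fluent Bit project: it shows an exposed [SERVICE] section next to two hardened variants in Fluent Bit's classic configuration format. The keys http_server, http_listen and http_port are Fluent Bit's own; the flush and log_level values are arbitrary placeholders. A real fluent-bit.conf contains only one [SERVICE] section, so keep just the variant you need.

```ini
# Exposed configuration: the built-in HTTP monitoring API listens on every
# interface, so anything that can reach TCP port 2020 can talk to it,
# including the trace-request parsing affected by CVE-2024-4323.
[SERVICE]
    flush        1
    log_level    info
    http_server  On
    http_listen  0.0.0.0
    http_port    2020

# Hardened variant A (monitoring API not needed): turn the HTTP server off.
# The vulnerable endpoint is no longer reachable at all.
[SERVICE]
    flush        1
    log_level    info
    http_server  Off

# Hardened variant B (local metrics still needed): bind only to loopback so
# the API is reachable from the same host or pod network namespace only.
# Combine with a Kubernetes NetworkPolicy or host firewall rule on port 2020
# to limit callers to the authorized scrapers.
[SERVICE]
    flush        1
    log_level    info
    http_server  On
    http_listen  127.0.0.1
    http_port    2020
```

After restarting Fluent Bit, confirm the change took effect by listing listening sockets on the host (for example with `ss -ltnp` on Linux): with variant A nothing should be bound to port 2020, and with variant B the only listener on 2020 should be on 127.0.0.1, not 0.0.0.0. Treat either setting as an interim measure until the 3.0.4 packages are rolled out.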