A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants.
Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
As of March 2024, Fluent Bit had been downloaded and deployed over 13 billion times, a massive increase from the three billion downloads reported in October 2022.
Fluent Bit is also used by cybersecurity companies like Crowdstrike and Trend Micro, and many tech companies, such as Cisco, VMware, Intel, Adobe, and Dell.
Tracked as CVE-2024-4323 and dubbed Linguistic Lumberjack by the Tenable security researchers who discovered it, this critical memory corruption vulnerability was introduced with version 2.0.7 and is caused by a heap buffer overflow weakness in Fluent Bit's embedded HTTP server's parsing of trace requests.
Although unauthenticated attackers can easily exploit the security flaw to trigger denial-of-service or to capture sensitive information remotely, they could also use it to gain remote code execution given the right circumstances and enough time to create a reliable exploit.
"While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but extremely time intensive," Tenable said.
"The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished."
Patches shipping with Fluent Bit 3.0.4
Tenable reported the security bug to the vendor on April 30, and fixes were committed to Fluent Bit's main branch on May 15. Official releases containing this patch are expected to ship with Fluent Bit 3.0.4 (Linux packages are available here).
Tenable also notified Microsoft, Amazon, and Google of this critical security bug on May 15 through their vulnerability disclosure platforms.
Until fixes are available for all impacted platforms, customers who have deployed this logging utility on their own infrastructure can mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services.
You can also disable this vulnerable API endpoint if it isn't being used, ensuring that any potential attacks are blocked and the attack surface is removed.
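As an added example (not from the article or from the Fluent Bit project), the following Python script performs the two checks a defender would want after reading the above: it tells whether a version string (for instance the output of `fluent-bit --version`) falls inside the affected range from 2.0.7 up to, but not including, the fixed 3.0.4, and it audits the [SERVICE] section of a classic-format Fluent Bit configuration to report whether the built-in HTTP monitoring API is enabled and on which address it listens. HTTP_Server, HTTP_Listen and HTTP_Port are real Fluent Bit service keys; the three sample configurations are constructed for the example, binding the API to loopback is assumed here to be one way of restricting it to local, authorized consumers, and HTTP_Server Off is the full disable the article describes.

```python
import re

# Affected range taken from the article: the bug was introduced in 2.0.7 and
# the first release expected to carry the fix is 3.0.4.
FIRST_AFFECTED = (2, 0, 7)
FIXED = (3, 0, 4)

# Constructed sample configuration (not the project's own), classic format,
# with the monitoring API enabled on every interface.
WEAK_CONFIG = """\
[SERVICE]
    Flush        1
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

[INPUT]
    Name cpu
"""

# Same service, API bound to loopback (assumed: one way to restrict it to
# local, authorized consumers).
LOOPBACK_CONFIG = WEAK_CONFIG.replace("HTTP_Listen  0.0.0.0", "HTTP_Listen  127.0.0.1")

# Same service with the HTTP server switched off entirely.
HARDENED_CONFIG = WEAK_CONFIG.replace("HTTP_Server  On", "HTTP_Server  Off")

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "localhost"}


def parse_version(text):
    """Reduce strings like 'Fluent Bit v3.0.3' to a comparable tuple (3, 0, 3)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_text):
    """True when the version lies in [2.0.7, 3.0.4), the range the article gives."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIXED


def parse_service_section(config_text):
    """Collect key/value pairs from the [SERVICE] block of a classic-format config.

    Keys are case-insensitive in Fluent Bit, so they are lowercased here;
    values keep their original spelling.
    """
    settings = {}
    in_service = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_service = line.upper() == "[SERVICE]"
            continue
        if in_service:
            parts = re.split(r"\s+", line, maxsplit=1)
            if len(parts) == 2:
                settings[parts[0].lower()] = parts[1].strip()
    return settings


def audit_config(config_text):
    """Report whether the built-in HTTP monitoring API is reachable off-host.

    Fallback values mirror the documented Fluent Bit defaults:
    HTTP_Server Off, HTTP_Listen 0.0.0.0, HTTP_Port 2020.
    """
    s = parse_service_section(config_text)
    enabled = s.get("http_server", "off").lower() in ("on", "true")
    listen = s.get("http_listen", "0.0.0.0")
    port = s.get("http_port", "2020")
    if not enabled:
        exposed = False
        status = "monitoring API disabled; vulnerable endpoint not reachable"
    elif listen in LOOPBACK_ADDRESSES:
        exposed = False
        status = f"monitoring API bound to loopback ({listen}:{port}); not reachable off-host"
    else:
        exposed = True
        status = f"monitoring API listening on {listen}:{port}; reachable by unauthenticated clients"
    return {"enabled": enabled, "listen": listen, "port": port, "exposed": exposed, "status": status}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("loopback", LOOPBACK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label:9} {audit_config(cfg)['status']}")
    for v in ("Fluent Bit v2.0.6", "Fluent Bit v2.0.7", "Fluent Bit v3.0.3", "Fluent Bit v3.0.4"):
        print(f"{v}: {'affected' if is_affected(v) else 'not affected'}")
```

Run against a real deployment, `audit_config` takes the contents of the fluent-bit.conf in use and `is_affected` takes the installed version string; an "exposed" result on an affected version is the combination that calls for the restriction or disable described above until 3.0.4 is rolled out.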