Kellermann spent several more hours trying to work out the root of the issue and finally settled on the fact that it had to be a bug in the Linux kernel. That’s why it’s more likely to corrupt the last day.” Of course, the last day of the month is sent at the end the last day of the month is always followed by the “PK” header. When a website owner downloads the access log, the server starts with the first day of the month, then the second day, and so on. “My first flash of inspiration why it’s always the last day of the month which gets corrupted. “PK”, that’s how all ZIP headers start,” Kellermann said in a post explaining the bug. Eventually, I realized that 50 4b is ASCII for “P” and “K”. For hours, I stared holes into the code but could not find an explanation. With corrupt data, we would see different (but wrong) CRC values. Always the same CRC - this implies that this cannot be the result of a CRC calculation. “I compared all known-corrupt files and discovered, to my surprise, that all of them had the same CRC32 and the same “file length” value. The same issue happened several more times in the next couple of months, and Kellermann found each time that the contents of the file looked correct, save for the CRC error.Īfter quite a bit of digging and investigation, Kellermann eventually found some commonalities among all of the corrupted files on the server. He found a cyclic redundancy check (CRC) error in the file, which he fixed and then moved on. The customer was having an issue decompressing nightly log files, and Kellermann discovered a corrupt file on the log server. It began in February 2021 when Max Kellermann received a support ticket from a customer of IONOS, the hosting provider where he works. But this flaw (CVE-2022-0847) has an unusual origin story. Many vulnerabilities are discovered by researchers who are digging into a particular app or code base, looking for potential issues. The bug affects the major Linux distributions going back to version 5.8 and Android, but a fix was included in the latest Linux kernel and Android releases in late February. A newly disclosed vulnerability in the Linux kernel could allow an attacker to write any data into an arbitrary file and gain elevated privileges.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |