Affected versions include 4.8 through 5.17-rc3.

In November 2021, SentinelLabs publicly disclosed a remote heap overflow they found in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol (CVE-2021-43267). This was a pretty neat bug, being a modern remote heap overflow in the Linux kernel. It wasn’t long after public disclosure until proof-of-concepts for local privilege escalation were released by researchers (e.g. this writeup by there hadn’t been anything on leveraging the vulnerability for remote code execution. You can imagine my surprise when in doing so I discovered a remote stack overflow.

In this post, I’ll give a whistle-stop tour on TIPC to provide some necessary context before diving into the vulnerability itself, remediation, patching and our disclosure timeline.

Transparent Inter-Process Communication (TIPC) is an IPC mechanism designed for intra-cluster communication. Cluster topology is managed around the concept of nodes and the links between these nodes. TIPC communications are done over a “bearer,” which is a TIPC abstraction of a network interface. A “media” is a bearer type, of which there are four currently supported: Ethernet, Infiniband, UDP/IPv4 and UDP/IPv6. Take this example from the TIPC Getting Started guide:

Here we are configuring our node (aka our computer) to use a bearer with the Ethernet media type on our eth0 interface. Now TIPC knows it can use eth0 for communicating over Ethernet.

It’s worth noting here, from an exploitation context, that a remote attacker is restricted by the TIPC media types the target has already set up. Locally, if the module is loaded, an attacker can use the underlying netlink communications to configure a bearer (credit to for his work on CVE-2021-43267). They won’t, however, have permissions to send raw ethernet frames, leaving a UDP bearer the likely option.

We have nodes, bearers and media types covered. The last integral part for our topology is a “link.” After we have established a bearer for our TIPC communications, our node will begin to broadcast discovery packets and look for other nodes. The intention here is to establish a link with other nodes. A link defines a communication channel between a pair of nodes. This link has various properties surrounding tolerance and delivery guarantees, as well as being supervised.
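The affected range and the points about a loaded module and configured media types translate into a quick host triage. The script below is an added example, not code from the original post; the function names are hypothetical, and it assumes `tipc bearer list` prints one `media:name` entry per line.

```shell
#!/bin/sh
# Added example (not from the original post): triage a host for TIPC exposure.
# Range from the page: 4.8 through 5.17-rc3. Stable and distro kernels backport
# fixes, so a match means "check the vendor advisory", not "confirmed vulnerable".

# kernel_in_range RELEASE: status 0 if inside 4.8 .. 5.17-rc3, 1 if outside,
# 2 if the release string cannot be parsed.
kernel_in_range() {
    rel=$1
    base=${rel%%-*}                       # "5.10.0-8-amd64" -> "5.10.0"
    case $base in *.*) ;; *) return 2 ;; esac
    major=${base%%.*}
    minor=${base#*.}; minor=${minor%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -eq 4 ]; then [ "$minor" -ge 8 ]; return; fi
    [ "$major" -eq 5 ] || return 1
    [ "$minor" -lt 17 ] && return 0
    [ "$minor" -eq 17 ] || return 1
    case $rel in                          # 5.17: only rc1..rc3 are in range
        *-rc[0-9]*) rc=${rel#*-rc}; rc=${rc%%[!0-9]*}; [ "$rc" -le 3 ] ;;
        *) return 1 ;;
    esac
}

# tipc_loaded [FILE]: status 0 if the tipc module is listed (default /proc/modules).
tipc_loaded() {
    grep -q '^tipc ' "${1:-/proc/modules}" 2>/dev/null
}

# bearer_media: read bearer names on stdin, print the distinct media types.
# Assumption: entries look like "eth:eth0" or "udp:UDP1".
bearer_media() {
    sed -n 's/^\([a-z0-9]*\):.*/\1/p' | sort -u
}

tipc_triage() {
    r=$(uname -r)
    if kernel_in_range "$r"; then echo "kernel $r: inside the affected range"
    else echo "kernel $r: outside the affected range or unparsed"; fi
    if tipc_loaded; then
        echo "tipc module: loaded"
        command -v tipc >/dev/null 2>&1 &&
            tipc bearer list 2>/dev/null | bearer_media | sed 's/^/enabled media: /'
    else
        echo "tipc module: not loaded"
    fi
    return 0
}

tipc_triage
```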