Fluent Bit vulnerability threatens almost all popular cloud platforms
Popular logging tool comes with a major flaw
Cybersecurity researchers from Tenable have discovered a critical vulnerability in Fluent Bit which allows malicious actors to run denial-of-service attacks, or execute bad code, remotely.
Fluent Bit is a logging and metrics solution for Windows, macOS, and Linux, and embedded in all the major Kubernetes distributions, including Amazon AWS, Google GCP, and Microsoft Azure.
The tool is extremely popular, with its website claiming it was downloaded at least 10 billion times. Apparently, many cybersecurity and tech companies also use it as part of their tech stack.
Difficult to exploit
As of version 2.0.7, Fluent Bit was found to be vulnerable to heap buffer overflow, which resulted in critical memory corruption. The researchers dubbed it Linguistic Lumberjack. It is tracked as CVE-2024-4323, but apparently exploiting it is not as straightforward.
"While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive," Tenable said. "The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished."
Tenable notified Fluent Bit’s maintainers on April 30, with fixes being committed to the main branch roughly two weeks later, on May 15. Users can expect Fluent Bit version 3.0.4 to be protected from this vulnerability, and should apply the patch as soon as possible.
Those who are unable to immediately patch their endpoints should mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services. Even less risky mitigation would include completely disabling the vulnerable API.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“While these utilities are known to contain lots of juicy information for attackers, it’s important to realize that information leakage isn’t the only thing to be concerned with,” Tenable concluded. “It’s essential for organizations to update these utilities regularly, adopt adequate defense-in-depth measures, and utilize the principle of least privilege to ensure these tools cannot be misused by attackers.”
Via BleepingComputer
More from TechRadar Pro
- The US State Department told Microsoft that emails in its cloud were hacked last month
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.