Various threat actors could allegedly use a recently discovered critical Fluent Bit flaw to conduct denial-of-service and remote code execution attacks that may affect all major cloud providers and IT companies.
Fluent Bit is a widely used logging and monitoring solution for Windows, Linux, and macOS. It is included in several Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
In a recent tally, Fluent Bit had been downloaded and deployed more than 13 billion times as of March 2024. This statistic is a massive increase over the three billion downloads reported in October 2022. Moreover, this new flaw could also impact cybersecurity firms such as CrowdStrike and Trend Micro, and other technology companies, since some utilise Fluent Bit.
The new Fluent Bit flaw is a memory corruption vulnerability.
According to the investigation, the flaw is a critical memory corruption vulnerability, tracked as CVE-2024-4323 and named Linguistic Lumberjack by the researchers who discovered it.
The researchers explained that even unauthenticated attackers could easily exploit the security issue to cause a denial of service or remotely steal critical information. In addition, attackers might also use it to gain RCE, given the right conditions and substantial time to develop a reliable exploit.
The researchers also said that the most immediate and primary risks stem from the ease with which threat actors can accomplish DoS and information leaks.
The bug discoverers have already reported the security flaw to the vendor, and the fixes were merged into Fluent Bit’s main branch earlier this month. Official releases containing the fix are expected with Fluent Bit 3.0.4.
Furthermore, concerned individuals contacted Microsoft, Amazon, and Google last week about this significant security flaw via their vulnerability disclosure systems.
Customers who have deployed this logging tool on their infrastructure can mitigate the issue until patches are available for all impacted platforms by restricting access to Fluent Bit’s monitoring API to authorised users and services.
Users can also disable the vulnerable API endpoint when it is not in use to prevent possible exploitation and reduce the attack surface.
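
One way to check a host for the exposure described above, as an added example that is not from the original article or the Fluent Bit project: the script reads a classic-format Fluent Bit configuration and reports whether the built-in HTTP server that serves the monitoring API is disabled, bound to loopback only, or reachable from the network. It assumes the classic `[SERVICE]` keys `HTTP_Server`, `HTTP_Listen` and `HTTP_Port`; the sample configurations are constructed.

```python
import ipaddress

# Defaults of Fluent Bit's built-in HTTP server ([SERVICE], classic format).
DEFAULTS = {"http_server": "off", "http_listen": "0.0.0.0", "http_port": "2020"}

# Constructed sample configs, not taken from any real deployment.
WEAK = """
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020
"""
HARDENED = WEAK.replace("0.0.0.0", "127.0.0.1")          # local scrapers only
OFF = WEAK.replace("HTTP_Server  On", "HTTP_Server  Off")  # API not served


def parse_service(text):
    """Return the [SERVICE] keys (lower-cased) merged over the defaults."""
    settings, section = dict(DEFAULTS), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "service":
            parts = line.split(None, 1)
            if len(parts) == 2:
                settings[parts[0].lower()] = parts[1].strip()
    return settings


def audit(text):
    """Classify exposure: 'disabled', 'loopback-only' or 'exposed'."""
    s = parse_service(text)
    if s["http_server"].lower() not in ("on", "true", "yes"):
        return "disabled"
    try:
        addr = ipaddress.ip_address(s["http_listen"])
    except ValueError:
        return "exposed"  # hostname or unparsable value: assume reachable
    return "loopback-only" if addr.is_loopback else "exposed"


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("off", OFF)):
        print(f"{name}: {audit(cfg)} (port {parse_service(cfg)['http_port']})")
```

An `exposed` result on a non-loopback address means access has to be restricted elsewhere, for example by a host firewall or a Kubernetes network policy.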