An unpatched security vulnerability affecting Google’s Compute Engine platform could be abused by an attacker to take over virtual machines remotely if the machine uses DHCP. “This is done by impersonating the metadata server from the targeted virtual machine’s point of view,” security researcher Imre Rad said in an analysis published Friday. “By mounting this exploit, the attacker can grant access to themselves over SSH (public key authentication) so then they can login as the root user.” According to the researcher, the issue is a consequence of weak pseudo-random numbers used by the ISC DHCP client, resulting in a scenario wherein an adversary crafts multiple DHCP packets using a set of precalculated transaction identifiers (aka XIDs) and floods the victim’s DHCP client, ultimately leading to the impersonation of the metadata server.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security