Impact
What kind of vulnerability is it? Who is impacted?
The Falco build system did not explicitly pass hardening flags to the compiler.
That potentially makes exploitation of several kinds of memory corruption vulnerabilities easier.
All Falco versions prior to 0.28.1 are affected.
Users can check if a Falco binary is affected by using a tool like PEDA.
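As an added illustration (not Falco's code and not part of the original advisory), the following Python script reads the same ELF64 program headers and dynamic section that a checksec-style tool such as PEDA inspects, and reports whether a binary is position-independent, has a non-executable stack, and has partial or full RELRO. It assumes little-endian ELF64 input and builds a constructed headers-only sample image for demonstration; stack-canary detection (a symbol-table check) is left out.

```python
import struct

# ELF constants (from the ELF64 spec; only the fields a checksec-style tool reads)
ET_DYN, PF_X = 3, 1
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_FLAGS, DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW = 0, 30, 0x6FFFFFFB, 0x8, 0x1

def check_hardening(data: bytes) -> dict:
    """Report PIE, non-executable stack and RELRO state of a little-endian ELF64 image."""
    if data[:5] != b"\x7fELF\x02" or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    result = {"pie": e_type == ET_DYN, "nx": True, "relro": "none"}
    dyn = None
    for i in range(e_phnum):
        p_type, p_flags, p_off, _, _, p_size = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK and p_flags & PF_X:
            result["nx"] = False  # loader is asked for an executable stack
        elif p_type == PT_GNU_RELRO:
            result["relro"] = "partial"  # GOT region made read-only after relocation
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_size)
    if dyn and result["relro"] == "partial":  # full RELRO also needs BIND_NOW
        for off in range(dyn[0], dyn[0] + dyn[1], 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, off)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                result["relro"] = "full"
    return result

def build_sample(pie: bool, nx: bool, relro: str) -> bytes:
    """Construct a minimal ELF64 image (headers only) for demonstration; not a real binary."""
    entries = [(PT_GNU_STACK, 0 if nx else PF_X, 0, 0)]
    dyn = b""
    if relro != "none":
        dyn = struct.pack("<qQqQ", DT_FLAGS, DF_BIND_NOW if relro == "full" else 0, DT_NULL, 0)
        entries.append((PT_GNU_RELRO, 4, 0, 0))
    phnum = len(entries) + (1 if dyn else 0)
    if dyn:
        entries.append((PT_DYNAMIC, 6, 64 + 56 * phnum, len(dyn)))  # dyn follows the phdrs
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN if pie else 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8) for t, f, o, s in entries)
    return ehdr + phdrs + dyn
```

To inspect a real build, call `check_hardening(open("/path/to/falco", "rb").read())`; a binary compiled without hardening flags typically reports no PIE and no or only partial RELRO.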
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been addressed by #1604.
Users should upgrade to version 0.28.1 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Users who build Falco themselves can patch the CMakeLists.txt
file as done in #1604 and recompile the Falco binary.
For all other users, a version upgrade is necessary.
References
Are there any links users can visit to find out more?
This vulnerability was initially reported in this security audit, and it is identified by the ID FAL-01-005.
For more information
If you have any questions or comments about this advisory: