DoS vulnerability closed in logging tool Fluent Bit, which has 13 billion downloads
Security researchers warn of a critical security vulnerability in Fluent Bit. The logging tool is used by many cloud providers, among others.
With the logging tool Fluent Bit, administrators can keep track of cloud environments and networks. Attackers can now exploit a security vulnerability to crash instances in a DoS attack. A security patch is available for download.
Background
Fluent Bit is used worldwide and, according to a report from March 2024, the logging tool now has 13 billion downloads. Its users include cloud providers such as Amazon AWS and Microsoft Azure, as well as companies such as Adobe, Cisco and Dell.
However, this does not mean that these customers are automatically at risk from the vulnerability. Whether they are depends on several factors, including how the individual IT infrastructure is set up: logging endpoints should be isolated behind a firewall so that an incident does not put production systems at risk.
The gap
In a report, security researchers from Tenable state that the vulnerability, which they describe as "critical", affects Fluent Bit versions 2.0.7 up to and including 3.0.3. A classification of the threat level according to the CVE standard is still pending.
The vulnerability is in the HTTP server. Because inputs are not checked, processing trace requests can trigger memory errors, and instances then crash in a DoS attack. Attackers only need to send crafted trace requests, for example ones containing negative values, to the HTTP server.
The researchers state that during their tests they were also able to read data that should have been protected. Depending on the network configuration, malicious code could also be executed with some effort.
Security problem solved
The developers state that they have closed the gap in the source branch. The fixed version 3.0.4 is available for download, and patched Linux packages are available as well. It is currently unclear whether attacks are already taking place. The security researchers state that they have already informed the major cloud providers.
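For operators checking their own deployments against the report above, here is an added example (not Fluent Bit project code) that reads the [SERVICE] section of a classic Fluent Bit configuration and the JSON the monitoring server returns on GET /, and flags instances in the affected 2.0.7 to 3.0.3 range whose HTTP server is reachable beyond loopback. It assumes the documented http_server/http_listen configuration keys and the {"fluent-bit": {"version": ...}} response shape; the sample config and response below are constructed.

```python
# Added example, not Fluent Bit project code: assess one instance's exposure to
# the trace-request DoS flaw. Assumes the classic config keys http_server and
# http_listen, and that GET / on the monitoring server returns
# {"fluent-bit": {"version": "..."}} as the project documents.
import json
import re

AFFECTED_MIN = (2, 0, 7)  # first affected release per the Tenable report
AFFECTED_MAX = (3, 0, 3)  # last affected release; 3.0.4 carries the fix
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample inputs describing an exposed, unpatched instance.
SAMPLE_CONFIG = """
[SERVICE]
    http_server  On
    http_listen  0.0.0.0
    http_port    2020
"""
SAMPLE_API_ROOT = '{"fluent-bit": {"version": "3.0.3", "edition": "Community"}}'

def is_affected_version(text):
    """True for 2.0.7 <= version <= 3.0.3, the range named in the report."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def http_server_exposure(config_text):
    """From [SERVICE]: is the HTTP server on, and which address does it bind?"""
    enabled, listen, in_service = False, "0.0.0.0", False  # 0.0.0.0 is the default bind
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_service = line.lower() == "[service]"
        elif in_service and line and not line.startswith("#"):
            key, _, val = line.partition(" ")
            if key.lower() == "http_server":
                enabled = val.strip().lower() in ("on", "true")
            elif key.lower() == "http_listen":
                listen = val.strip().lower()
    return enabled, listen

def assess(config_text, api_root_json):
    """Combine version and bind address into a risk summary."""
    version = json.loads(api_root_json)["fluent-bit"]["version"]
    enabled, listen = http_server_exposure(config_text)
    return {"version": version, "affected_version": is_affected_version(version),
            "http_server_enabled": enabled,
            "reachable_beyond_loopback": enabled and listen not in LOOPBACK}
```

An instance that reports an affected version but binds its HTTP server only to loopback is flagged on version alone, which matches the article's point that network isolation changes the practical risk.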
(des)