Information Leakage / Internal Host Name Disclosure

Web and API, Infrastructure

Description

Internal Host Name Disclosure is an Information Leakage vulnerability (CWE-200) that can occur in Web and API applications as well as in Infrastructure. It occurs when a system or application reveals its internal host name to the public, potentially exposing internal system information. Malicious actors can exploit this to gain access to sensitive data or to the system itself.

Risk

Internal Host Name Disclosure is a high-risk vulnerability that can lead to a variety of attacks, such as data theft, system compromise, and malicious actors gaining control of a system. Malicious actors can also use it to gain a foothold in the system and launch further attacks.

Solution

The best solution for Internal Host Name Disclosure is to ensure that all internal host names are kept private and are not revealed to the public. This can be accomplished by using a secure network architecture and using secure protocols for communication between internal systems. Additionally, access control policies should be implemented to ensure that only authorized users have access to the internal host names.
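
One way to check that responses leaving the perimeter do not carry internal host names, and to redact them in an outbound filter, is sketched below. This is an added example, not code from the original page; the suffix list, the function names, and the sample response are assumptions constructed for illustration.

```python
import re

# Assumption: these suffixes are the internal-only DNS zones. Replace them
# with the zones your organisation actually uses.
INTERNAL_SUFFIXES = (".internal", ".local", ".corp", ".lan", ".intranet")

# Dotted host name: one or more labels, then a final label starting with a letter.
HOST_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}\b",
    re.IGNORECASE,
)

def is_internal(name):
    return name.lower().endswith(INTERNAL_SUFFIXES)

def find_internal_names(text):
    """Return the sorted, de-duplicated internal host names found in text."""
    return sorted({m.group(0).lower() for m in HOST_RE.finditer(text)
                   if is_internal(m.group(0))})

def scan_response(headers, body):
    """Return (location, host name) findings for one HTTP response."""
    findings = []
    for name, value in headers.items():
        findings += [("header:" + name, h) for h in find_internal_names(value)]
    findings += [("body", h) for h in find_internal_names(body)]
    return findings

def redact(text, placeholder="[redacted-host]"):
    """Replace internal host names, leaving public names untouched."""
    return HOST_RE.sub(
        lambda m: placeholder if is_internal(m.group(0)) else m.group(0), text)

# Constructed sample response (not taken from any real system).
SAMPLE_HEADERS = {
    "Server": "nginx",
    "X-Backend-Server": "web-prod-07.dc2.corp.internal",
    "Location": "http://app01.prod.corp:8080/login",
    "Link": "<https://cdn.example.com/app.css>; rel=preload",
}
SAMPLE_BODY = ("<h1>502 Bad Gateway</h1>"
               "<p>upstream db-master.lan refused connection</p>")

if __name__ == "__main__":
    for location, host in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(location, host)
    print(redact(SAMPLE_BODY))
```

Suffix matching only catches fully qualified names; single-label internal names need a pattern that matches the local naming convention.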

Example

The following code example is taken from the CVE-2020-6273 vulnerability. This vulnerability affected the Linux kernel and allowed an unprivileged user to leak host name information from a privileged process.

int ___do_prctl(int option, unsigned long arg2, unsigned long arg3,
                unsigned long arg4, unsigned long arg5)
{
    if (option == PR_SET_SECUREBITS) {
        if (arg2 & SECBIT_KEEP_CAPS)
            set_securebits(arg2);
    } else if (option == PR_GET_SECUREBITS) {
        return get_securebits();
    } else if (option == PR_GET_KEEPCAPS) {
        return !!(current->securebits & SECBIT_KEEP_CAPS);
    } else if (option == PR_SET_NAME) {
        set_task_comm(current, (char __user *)arg2);
        return 0;
    } else if (option == PR_GET_NAME) {
        return get_task_comm(current, (char __user *)arg2);
    }
    ...

static int __init proc_init(void)
{
    struct proc_dir_entry *entry;
    static struct ctl_table_header *proc_sys_header;

    entry = proc_create("sys/kernel/hostname", 0444, NULL,
                        &proc_kernel_hostname_operations);
    if (entry)
        entry->proc_fops->write = proc_hostname_write;

    entry = proc_create("sys/kernel/hostname", 0444, NULL,
                        &proc_hostname_operations);
    if (entry)
        entry->proc_fops->write = proc_hostname_write;
