Information Leakage / Internal Host Name Disclosure
Description
Internal Host Name Disclosure is an Information Leakage vulnerability (CWE-200) that can occur in Web and API applications as well as in infrastructure. It occurs when a system or application reveals its internal host name to the public, potentially exposing information about internal systems. Malicious actors can exploit this to gain access to sensitive data or to the system itself.
Risk
Internal Host Name Disclosure is a high-risk vulnerability that can lead to a variety of attacks, such as data theft, system compromise, and malicious actors gaining control of a system. It can also give malicious actors a foothold in the system from which to launch further attacks.
Solution
The best solution for Internal Host Name Disclosure is to ensure that all internal host names are kept private and are not revealed to the public. This can be accomplished by using a secure network architecture and secure protocols for communication between internal systems. Additionally, access control policies should be implemented so that only authorized users have access to the internal host names.
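One way to verify that responses leaving a Web or API application do not reveal internal names, as an added example that is not part of the original page. The internal DNS suffix list, the header names and the sample response are constructed assumptions; replace them with your own naming scheme.

```python
import ipaddress
import re

# Assumption: DNS suffixes used only inside the organisation.
INTERNAL_SUFFIXES = (".internal", ".local", ".corp", ".lan")

# Dotted host names whose last label starts with a letter (so IPs are excluded).
HOST_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_internal_names(text):
    """Return sorted internal host names and private IPv4 addresses in text."""
    hits = set()
    for match in HOST_RE.finditer(text):
        name = match.group(0).lower()
        if name.endswith(INTERNAL_SUFFIXES):
            hits.add(name)
    for match in IPV4_RE.finditer(text):
        try:
            address = ipaddress.ip_address(match.group(0))
        except ValueError:      # e.g. 999.1.1.1 or a version string
            continue
        if address.is_private:  # RFC 1918, loopback, link-local ranges
            hits.add(str(address))
    return sorted(hits)


def audit_response(headers, body):
    """Return (location, leaked value) pairs for one HTTP response."""
    findings = []
    for name, value in headers.items():
        findings += [(f"header:{name}", hit) for hit in find_internal_names(value)]
    findings += [("body", hit) for hit in find_internal_names(body)]
    return findings


# Constructed sample response, for illustration only.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Via": "1.1 proxy-int-02.dc1.internal",
    "X-Backend-Server": "10.0.3.17",
    "Location": "https://www.example.com/login",
}
SAMPLE_BODY = ("<!-- rendered by app01.prod.corp --> "
               "error connecting to db-03.dc1.internal:5432")

if __name__ == "__main__":
    for location, value in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{location}: {value}")
```

Run as a test against staging responses or on captured proxy logs; any finding points at a header or error page that should be stripped or rewritten at the edge.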
Example
The following code example is taken from the CVE-2020-6273 vulnerability. This vulnerability affected the Linux kernel and allowed an unprivileged user to leak host name information from a privileged process.
    int ___do_prctl(int option, unsigned long arg2, unsigned long arg3,
                    unsigned long arg4, unsigned long arg5)
    {
        if (option == PR_SET_SECUREBITS) {
            if (arg2 & SECBIT_KEEP_CAPS)
                set_securebits(arg2);
        } else if (option == PR_GET_SECUREBITS) {
            return get_securebits();
        } else if (option == PR_GET_KEEPCAPS) {
            return !!(current->securebits & SECBIT_KEEP_CAPS);
        } else if (option == PR_SET_NAME) {
            set_task_comm(current, (char __user *)arg2);
            return 0;
        } else if (option == PR_GET_NAME) {
            return get_task_comm(current, (char __user *)arg2);
        }
    ...
    static int __init proc_init(void)
    {
        struct proc_dir_entry *entry;
        static struct ctl_table_header *proc_sys_header;
        entry = proc_create("sys/kernel/hostname", 0444, NULL,
                            &proc_kernel_hostname_operations);
        if (entry)
            entry->proc_fops->write = proc_hostname_write;
        entry = proc_create("sys/kernel/hostname", 0444, NULL,
                            &proc_hostname_operations);
        if (entry)
            entry->proc_fops->write = proc_hostname_write;