RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Lua Scripted Programming Language

Product
Technology: Application Development Tools

Content

The main articles are:

Lua is a scripting language programming developed in the Tecgraf (Computer Graphics Technology Group) division of the Catholic University of Rio de Janeiro Brazil. The language interpreter is freely distributed, with open source texts in the language. Si

In terms of ideology and implementation, the Lua language is closest to JavaScript, in particular, it also implements the prototypical PLO model, but is distinguished by pascale-like syntax and more powerful and flexible designs. A characteristic feature of Lua is the implementation of a large number of software entities with a minimum of syntactic tools. So, all composite user data types (arrays, structures, sets, queues, lists) are implemented through the table mechanism, and object-oriented programming mechanisms, including multiple inheritance, using metatables, which are also responsible for overloading operations and a number of other capabilities.

2022: Fix a vulnerability that allows remote code execution

The Muhstik botnet attacks Redis servers (abbreviated from Remote Dictionary Server, a quick key-value data store in open source memory). This became known on March 29, 2022.

Malware exploits the sandbox bypass vulnerability in Lua (CVE-2022-0543).

The vulnerability received 10 out of 10 points on the hazard rating scale and allows you to remotely execute code on a system with vulnerable software.

As reported in the Ubuntu security notification published in February 2022, "due to problems with the package, a remote attacker who can execute arbitrary Lua scripts can bypass the Lua sandbox and execute arbitrary code on the host."

According to Juniper Threat Labs telemetry, attacks using this vulnerability began on March 11, 2022. The attacks consist of retrieving the malicious shell script russia.sh from the remote server, which then retrieves and executes the botnet code from another server.

For the first time documented by specialists-company the Chinese IB Netlab 360 botnet Muhstik active since March 2018 and used for cryptocurrency mining and implementation -. DDoSattacks

Malware is able to spread like to worm on - and Linux- IoT devices like home, routers GPON DD-WRT and Tomato. Over the past few years, it has exploited the following vulnerabilities:

  • CVE-2017-10271 (CVSS score 7.5 points) - the vulnerability of checking input data in Oracle WebLogic Server component of the Oracle Fusion Middleware software package;
  • CVE-2018-7600 (CVSS score 9.8 points) - vulnerability of remote code execution in Drupal;
  • CVE-2019-2725 (CVSS score 9.8 points) - vulnerability of remote code execution in Oracle WebLogic Server;
  • CVE-2021-26084 (CVSS score 9.8 points) - OGNL injection vulnerability (Object-Graph Navigation Language) in Atlassian Confluence;
  • CVE-2021-44228 (CVSS score 10.0 points) is a vulnerability of remote code execution in Apache Log4j (Log4Shell).

File:Aquote1.png
The bot connects to the IRC server to receive commands, including downloading files, executing shell commands, conducting DDoS attacks and SSH brutal force, the Juniper Threat Labs report reports.
File:Aquote2.png

Due to the exploitation of the CVE-2022-0543 vulnerability in hacker attacks, users are strongly advised to upgrade their Redis servers to the latest version of[1] as soon as possible].

Programming languages

Notes

  1. [https://www.securitylab.ru/news/530821.php Botnet Muhstik attacks Redis servers