New Linux Elevation of Privilege Vulnerability Exploited in the Wild (Dirty Pipe) (CVE-2022-0847)

Linux is affected by a high-severity vulnerability (CVE-2022-0847), dubbed ‘Dirty Pipe’, that has been exploited. It can allow local users to gain root privileges through publicly available exploits, and it is considered one of the most significant Linux security vulnerabilities discovered since 2016, when another high-severity and easy-to-exploit Linux bug (dubbed …

Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)

The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based on a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web …

Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)

The Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data and, according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, …

Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)

As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure): OMI is the Linux equivalent of Microsoft’s …

Sequoia – Linux’s Filesystem Layer Local Privilege Escalation Vulnerability (CVE-2021-33909)

The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The Linux file system interface is implemented as a layered architecture, separating the user …

Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)

Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a …

Thunderspy attacking Thunderbolt enabled PCs

Summary: In February 2020, researchers reached out to Intel with a report on Thunderbolt, which they refer to as “Thunderspy”. The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019. Description: This vulnerability is in fact new, and their …

EAP packet processing, PPPd buffer overflow vulnerability (CVE-2020-8597)

Summary: In the first week of March 2020, an old remote code execution vulnerability surfaced affecting the PPP daemon (pppd) software, which comes installed on almost all Linux-based operating systems and also powers the firmware of many other networking devices. CVE-2020-8597 has a CVSS score of 9.8 and can be remotely exploited by unauthenticated attackers. Description: …

PWFeedback Buffer Overflow Vulnerability in Sudo (CVE-2019-18634)

Summary: A vulnerability in the ‘sudo’ utility that allows non-privileged Linux and macOS users to run commands as root was discovered in recent days, tracked as CVE-2019-18634. Description: Sudo is a well-known core command utility that is pre-installed on macOS and almost every UNIX or Linux-based operating system. Sudo’s pwfeedback option can be used to provide visual feedback when the …

Multiple Systemd Vulnerabilities

Qualys has disclosed 3 vulnerabilities in systemd-journald, collectively named “System Down: A systemd-journald exploit”. systemd-journald is a system service that is responsible for collecting and storing logging data. It receives data from various sources such as kernel log messages, system log messages, structured system log messages, audit records, etc. CVE-2018-16864 and CVE-2018-16865 are memory corruptions …