Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Tue, 9 Jan 2024, Georgi Guninski wrote: On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen wrote: On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar

Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar. The same rules that apply to tar also apply to cpio: "Extract from an untrusted archive only into an
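The rule both messages above point at (treat the archive, not the tool, as the threat, and never extract an untrusted one as root) is usually enforced by inspecting the member list before extraction. The following is an added example written for this index page, not code from cpio, tar or either poster: it parses the SVR4 "newc" cpio format by hand, reads tar through Python's standard `tarfile`, and flags the entries root should refuse to extract (setuid/setgid modes, absolute paths, `..` components, symlinks). The sample archives are constructed in memory with placeholder contents so it runs offline; the helper names (`parse_newc`, `audit_entry`, and so on) are this example's own.

```python
"""Pre-extraction audit of tar and cpio (SVR4 "newc") archives.

Added example for the cpio/tar setuid discussion; not code from cpio,
tar or any advisory in this thread. Archives are built in memory.
"""
import io
import stat
import tarfile

NEWC_MAGIC = b"070701"
# newc header: magic, then 13 fields of 8 ASCII hex digits (110 bytes total).
NEWC_FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
               "devmajor", "devminor", "rdevmajor", "rdevminor",
               "namesize", "check")

def _pad4(n):
    """Bytes needed to pad n up to a 4-byte boundary."""
    return (4 - n % 4) % 4

def parse_newc(data):
    """Yield (name, mode, payload) per entry; stops at the TRAILER!!! record."""
    pos = 0
    while pos < len(data):
        if data[pos:pos + 6] != NEWC_MAGIC:
            raise ValueError("bad cpio magic at offset %d" % pos)
        hdr = data[pos + 6:pos + 110]
        f = {k: int(hdr[i * 8:(i + 1) * 8], 16) for i, k in enumerate(NEWC_FIELDS)}
        pos += 110
        name = data[pos:pos + f["namesize"] - 1].decode()   # drop the NUL
        pos += f["namesize"] + _pad4(110 + f["namesize"])   # name is 4-aligned
        payload = data[pos:pos + f["filesize"]]
        pos += f["filesize"] + _pad4(f["filesize"])         # data is 4-aligned
        if name == "TRAILER!!!":
            return
        yield name, f["mode"], payload

def build_newc(entries):
    """Construct a newc archive from (name, mode, payload) tuples (test input)."""
    out = bytearray()
    for ino, (name, mode, payload) in enumerate(entries + [("TRAILER!!!", 0, b"")], 1):
        nb = name.encode() + b"\0"
        vals = [ino, mode, 0, 0, 1, 0, len(payload), 0, 0, 0, 0, len(nb), 0]
        out += NEWC_MAGIC + b"".join(b"%08X" % v for v in vals)
        out += nb + b"\0" * _pad4(110 + len(nb))
        out += payload + b"\0" * _pad4(len(payload))
    return bytes(out)

def build_tar(entries):
    """Construct an uncompressed tar from the same tuples (test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, mode, payload in entries:
            ti = tarfile.TarInfo(name)
            ti.mode = mode & 0o7777            # tar stores the type separately
            if stat.S_ISLNK(mode):
                ti.type, ti.linkname = tarfile.SYMTYPE, payload.decode()
                tf.addfile(ti)
            else:
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
    return buf.getvalue()

def audit_entry(name, mode, linkname=None):
    """Reasons an entry is unsafe for root to extract; empty list if none."""
    reasons = []
    if mode & stat.S_ISUID:
        reasons.append("setuid")
    if mode & stat.S_ISGID:
        reasons.append("setgid")
    if name.startswith("/"):
        reasons.append("absolute path")
    if ".." in name.split("/"):
        reasons.append("'..' component")
    if stat.S_ISLNK(mode):
        reasons.append("symlink -> %s" % linkname)
    return reasons

def audit_cpio(data):
    """Map name -> reasons for every suspicious entry of a newc archive."""
    findings = {}
    for name, mode, payload in parse_newc(data):
        reasons = audit_entry(name, mode, payload.decode(errors="replace"))
        if reasons:
            findings[name] = reasons
    return findings

def audit_tar(data):
    """Same audit over a tar archive via the standard-library reader."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf:
            mode = m.mode | (stat.S_IFLNK if m.issym() else 0)
            reasons = audit_entry(m.name, mode, m.linkname)
            if reasons:
                findings[m.name] = reasons
    return findings

# Constructed sample: one benign file and four entries root should refuse.
# Payloads are placeholders, not real binaries or keys.
SAMPLE = [
    ("bin/helper", 0o100755, b"#!/bin/sh\necho ok\n"),
    ("bin/rootshell", 0o104755, b"\x7fELF...constructed"),          # setuid
    ("/etc/cron.d/job", 0o100644, b"* * * * * root /tmp/x\n"),     # absolute
    ("../.ssh/authorized_keys", 0o100644, b"ssh-ed25519 AAAA...constructed\n"),
    ("etc/passwd", 0o120777, b"/etc/passwd"),                       # symlink
]

if __name__ == "__main__":
    for fmt, data, audit in (("cpio", build_newc(SAMPLE), audit_cpio),
                             ("tar", build_tar(SAMPLE), audit_tar)):
        for name, reasons in audit(data).items():
            print("%s: %-26s %s" % (fmt, name, ", ".join(reasons)))
```

Both readers report the same four entries on the same sample, which is the point of the thread: the setuid bit is data in the archive, and any archiver that honours modes (cpio or tar running as root) will reproduce it. The audit belongs before extraction, and the extraction of anything untrusted belongs to an unprivileged account; GNU tar additionally offers `--no-same-permissions` to apply the umask even when running as root.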

[FD] NiceHash Miner Excavator API Cross-Site Request Forgery

2021-05-18 Thread Harry Sintonen via Fulldisclosure
ns 1. Upgrade to the NiceHash Miner 3.0.6.5 or later. Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Consulting. Timeline 2021.03.28 discovered the vulnerability 2021.03.28 wrote a proof of concept exploit 2021.03.28

[FD] D-Link DGS-1250 header injection vulnerability

2020-02-20 Thread Harry Sintonen via Fulldisclosure
ends up in the HTTP response headers. In particular do not allow linefeed characters (ASCII characters 10 and 13) as-is. End user mitigation --- 1. Use a dedicated browser session to access the web user interface. Credits --- The vulnerability was discovered by

[FD] SCP client multiple vulnerabilities

2019-01-15 Thread Harry Sintonen
ps://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Corporation. Timeline 2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH

[FD] MagniComp SysInfo Information Exposure [CVE-2018-7268]

2018-06-19 Thread Harry Sintonen
- 1. Unrelated earlier privilege escalation vulnerability CVE-2017-6516 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6516 Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Corporation. Timeline 2018.02.13 discovered the vulner

[FD] foilChat sign up email PIN confirmation bypass

2018-05-29 Thread Harry Sintonen
erable versions --- foilChat confirmed the issue fixed 2018-05-24. Credits --- The vulnerability was discovered by Harry Sintonen. Timeline 2018.05.10 discovered the vulnerability 2018.05.10 reported the vulnerability via CERT-FI that forwarded it to foilChat

[FD] GNU Wget Cookie Injection [CVE-2018-0494]

2018-05-07 Thread Harry Sintonen
Vulnerable versions --- The following GNU Wget versions are confirmed vulnerable: - 1.7 thru 1.19.4 Mitigation -- 1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package in your distribution Credits --- The vulnerability was discov

[FD] aws-cfn-bootstrap local code execution as root [CVE-2017-9450]

2017-12-01 Thread Harry Sintonen
ble systems could be high. Recommendations to vendor - 1. In aws-cfn-bootstrap `cfn-hup` command set the `DaemonContext` umask to 077. 2. For existing installations, run `chmod -R go-rwx /var/lib/cfn-hup` as root. End user mitigation ------- 1. Upgrade aws

[FD] QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359)

2017-04-06 Thread Harry Sintonen
he command injection vulnerabilities by performing proper input validation (whitelisting) and/or shell metacharacter escaping, or by utilizing execl family of functions. End user mitigation --- - Install the firmware update version 4.2.4 build 20170313 or later. OR - Restrict

[FD] QNAP QTS 4.2.x multiple vulnerabilities

2017-02-15 Thread Harry Sintonen
- - Install the latest firmware update, version 4.2.3 build 20170213 or later. - If you're worried about Scraping privacy issues use external firewall to block the QNAP device from accessing the following external sites: ajax.googleapis.com www.imdb.com akas.imdb.c

[FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update

2016-10-30 Thread Harry Sintonen
Update on the advisory: As pointed out by several people, the ERROR macro didn't fail the operation in a desired way: Files were still being created by tar. In order to really stop tar from doing silly things, FATAL_ERROR macro needs to be used instead. The patch has now been updated accordingly.

[FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)

2016-10-26 Thread Harry Sintonen
t2'16 special vulnerability release - Vulnerability: POINTYFEATHER aka Tar extract pathname bypass Credits: Harry Sintonen / FSC1V Cyber Security Services Date: 2016-10-27 Impact: File overwrite in certain situa