Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Tue, 9 Jan 2024, Georgi Guninski wrote: On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen wrote: On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar

Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive

2024-01-14 Thread Harry Sintonen via Fulldisclosure
On Mon, 8 Jan 2024, Georgi Guninski wrote: When extracting archives cpio (at least version 2.13) preserves the setuid flag, which might lead to privilege escalation. So does for example tar. The same rules that apply to tar also apply to cpio: "Extract from an untrusted archive only into
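The point of the thread above is that an archive format is allowed to carry setuid/setgid mode bits, and an extractor run as root will faithfully recreate them, so the check has to happen before extraction. The following is an added example, not code from cpio, tar or the thread participants: it builds a small cpio archive in the documented "newc" (`cpio -H newc`) format in memory and scans it for regular files whose mode carries S_ISUID or S_ISGID. The archive contents and the helper names (`write_newc`, `scan_newc`, `privileged_entries`, `strip_privileges`) are this example's own constructions.

```python
"""Scan a cpio 'newc' archive for setuid/setgid regular files before extracting it as root.

The archive below is constructed in memory for the example; the header layout
is the documented newc format: magic "070701" followed by thirteen 8-digit hex
fields, a NUL-terminated name, and file data, each padded to 4-byte alignment.
"""
import stat

NEWC_MAGIC = b"070701"
TRAILER = "TRAILER!!!"
HEADER_LEN = 110  # 6-byte magic + 13 * 8 hex digits


def _pad4(n):
    return (4 - n % 4) % 4


def write_newc(entries):
    """entries: iterable of (name, mode, data). Returns the archive bytes."""
    out = bytearray()
    ino = 1
    for name, mode, data in list(entries) + [(TRAILER, 0, b"")]:
        nameb = name.encode() + b"\0"
        # c_ino c_mode c_uid c_gid c_nlink c_mtime c_filesize
        # c_devmajor c_devminor c_rdevmajor c_rdevminor c_namesize c_check
        fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(nameb), 0]
        out += NEWC_MAGIC + b"".join(b"%08x" % f for f in fields)
        out += nameb + b"\0" * _pad4(HEADER_LEN + len(nameb))
        out += data + b"\0" * _pad4(len(data))
        ino += 1
    return bytes(out)


def scan_newc(archive):
    """Yield (name, mode) for every entry up to the TRAILER!!! record.

    A bad magic or a missing trailer raises ValueError, so a truncated or
    non-newc archive is never silently reported as 'nothing suspicious'.
    """
    pos = 0
    while pos + HEADER_LEN <= len(archive):
        if archive[pos:pos + 6] != NEWC_MAGIC:
            raise ValueError("not a newc cpio header at offset %d" % pos)
        hexfields = archive[pos + 6:pos + HEADER_LEN]
        f = [int(hexfields[i * 8:(i + 1) * 8], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name_start = pos + HEADER_LEN
        name = archive[name_start:name_start + namesize - 1].decode()
        if name == TRAILER:
            return
        yield name, mode
        data_start = name_start + namesize + _pad4(HEADER_LEN + namesize)
        pos = data_start + filesize + _pad4(filesize)
    raise ValueError("archive ended without a TRAILER!!! record")


def privileged_entries(archive):
    """[(name, mode)] for regular files with setuid or setgid set.

    Only regular files matter here: a setgid bit on a directory just means
    group inheritance and cannot be used to gain privileges.
    """
    return [(n, m) for n, m in scan_newc(archive)
            if stat.S_ISREG(m) and m & (stat.S_ISUID | stat.S_ISGID)]


def strip_privileges(mode):
    """The mode a cautious extractor would apply instead: high bits cleared."""
    return mode & ~(stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX)


# Constructed sample: one setuid script, one plain file, one setgid directory.
SAMPLE = write_newc([
    ("usr/bin/helper", stat.S_IFREG | stat.S_ISUID | 0o755, b"#!/bin/sh\nid\n"),
    ("etc/motd", stat.S_IFREG | 0o644, b"hello\n"),
    ("usr/lib/setgid-dir", stat.S_IFDIR | stat.S_ISGID | 0o755, b""),
])

if __name__ == "__main__":
    bad = privileged_entries(SAMPLE)
    for name, mode in bad:
        print("REFUSE %s: mode %o (would extract as %o)" % (name, mode, strip_privileges(mode)))
    raise SystemExit(1 if bad else 0)
```

Run the scan on any archive that will be extracted by root and stop if it reports anything; if you do not need the bits, extract as an unprivileged user instead, which keeps a setuid file harmless because it is owned by that user. For tar archives the current Python `tarfile` extraction filters (`filter="data"`) clear the same bits on extraction.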

[FD] NiceHash Miner Excavator API Cross-Site Request Forgery

2021-05-18 Thread Harry Sintonen via Fulldisclosure
. Upgrade to the NiceHash Miner 3.0.6.5 or later. Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Consulting. Timeline 2021.03.28 discovered the vulnerability 2021.03.28 wrote a proof of concept exploit 2021.03.28 contacted NiceHash over secur

[FD] D-Link DGS-1250 header injection vulnerability

2020-02-20 Thread Harry Sintonen via Fulldisclosure
particular do not allow linefeed characters (ASCII characters 10 and 13) as-is. End user mitigation --- 1. Use a dedicated browser session to access the web user interface. Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Consulting. Timeline
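The advisory snippet's fix is the general one for HTTP header injection: a value that reaches a response header must never contain CR or LF, because those bytes end the header line and let the input add headers of its own. The following is an added example, not code from the D-Link firmware or the advisory, showing a constructed vulnerable response builder beside a hardened one and checking the effect with Python's own header parser. The function names and the injected payload are this example's assumptions.

```python
"""HTTP response header injection via CR/LF, and the rejecting check.

build_response_unsafe copies an attacker-controlled value into a Location
header verbatim; when an HTTP client parses the result it sees a Set-Cookie
header the application never sent. build_response_safe refuses the value.
"""
import io
import http.client


def build_response_unsafe(redirect_target):
    """Vulnerable pattern: untrusted input concatenated into a header line."""
    return (b"HTTP/1.1 302 Found\r\n"
            b"Location: " + redirect_target.encode("latin-1") + b"\r\n"
            b"\r\n")


def safe_header_value(value):
    """Reject anything that can terminate the header line or the header block.

    Apply this after any URL-decoding of the parameter, not before, so an
    encoded %0d%0a cannot slip past the check.
    """
    if any(c in value for c in "\r\n\0"):
        raise ValueError("control character in header value")
    return value


def build_response_safe(redirect_target):
    """Hardened builder: same output, but only for values that pass the check."""
    value = safe_header_value(redirect_target).encode("latin-1")
    return (b"HTTP/1.1 302 Found\r\n"
            b"Location: " + value + b"\r\n"
            b"\r\n")


def parse_headers(raw):
    """Parse the header block the way an HTTP client would (status line skipped)."""
    fp = io.BytesIO(raw)
    fp.readline()  # status line
    return http.client.parse_headers(fp)


# Constructed attacker input: ends the Location line and appends a cookie header.
INJECTED = "/home\r\nSet-Cookie: session=attacker"

if __name__ == "__main__":
    hdrs = parse_headers(build_response_unsafe(INJECTED))
    print("unsafe builder produced headers:", list(hdrs.keys()))
    try:
        build_response_safe(INJECTED)
    except ValueError as e:
        print("safe builder rejected input:", e)
```

The same check belongs on every response header fed from a request parameter (redirect targets, cookie values, content-disposition filenames); the rejection is deliberately an error rather than silent stripping, so the attempt shows up in logs.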

[FD] SCP client multiple vulnerabilities

2019-01-15 Thread Harry Sintonen
effgeerling.com/blog/brief-history-ssh-and-remote-access Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Corporation. Timeline 2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.0

[FD] MagniComp SysInfo Information Exposure [CVE-2018-7268]

2018-06-19 Thread Harry Sintonen
- 1. Unrelated earlier privilege escalation vulnerability CVE-2017-6516 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6516 Credits --- The vulnerability was discovered by Harry Sintonen / F-Secure Corporation. Timeline 2018.02.13 discovered the vuln

[FD] foilChat sign up email PIN confirmation bypass

2018-05-29 Thread Harry Sintonen
the issue fixed 2018-05-24. Credits --- The vulnerability was discovered by Harry Sintonen. Timeline 2018.05.10 discovered the vulnerability 2018.05.10 reported the vulnerability via CERT-FI that forwarded it to foilChat security contact 2018.05.24 foilCha

[FD] GNU Wget Cookie Injection [CVE-2018-0494]

2018-05-07 Thread Harry Sintonen
jar.txt Vulnerable versions --- The following GNU Wget versions are confirmed vulnerable: - 1.7 thru 1.19.4 Mitigation -- 1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package in your distribution Credits --- The vulnerability was discovered by Harry S

[FD] aws-cfn-bootstrap local code execution as root [CVE-2017-9450]

2017-12-01 Thread Harry Sintonen
1. In aws-cfn-bootstrap `cfn-hup` command set the `DaemonContext` umask to 077. 2. For existing installations, run `chmod -R go-rwx /var/lib/cfn-hup` as root. End user mitigation --- 1. Upgrade aws-cfn-bootstrap to 1.4-22.14.amzn1 or later 2. chmod -R go-rwx /var/lib/cfn-hu

[FD] QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359)

2017-04-06 Thread Harry Sintonen
caping, or by utilizing execl family of functions. End user mitigation --- - Install the firmware update version 4.2.4 build 20170313 or later. OR - Restrict access to the web user interface (ports 8080 and 443). Credits --- The vulnerabilities were discovered by H
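The snippet names the two standard remedies for a shell command injection: escape the untrusted argument for the shell, or avoid the shell entirely with an exec-family call that passes an argument vector straight to the kernel. The following added example, not QNAP's code, shows both beside the vulnerable pattern in Python, where `subprocess.run` with a list maps to execve just as `execl` does in C; `echo` stands in for the real program and the payload is constructed.

```python
"""Command injection: interpolation into a shell line versus quoting versus exec.

PAYLOAD is a constructed attacker-controlled filename. The vulnerable version
lets the shell interpret the ';' and runs the second command; the two fixed
versions pass the whole string to the program as a single argument.
"""
import shlex
import subprocess

PAYLOAD = "video.mp4; echo INJECTED"


def run_unsafe(filename):
    """Vulnerable: the filename is spliced into a shell command line."""
    cmd = "echo " + filename
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(filename):
    """Fix 1: escape the argument for the shell before interpolating it."""
    cmd = "echo " + shlex.quote(filename)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_exec(filename):
    """Fix 2: no shell at all; the argv list goes directly to execve."""
    return subprocess.run(["echo", filename], capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("unsafe :", repr(run_unsafe(PAYLOAD)))
    print("quoted :", repr(run_quoted(PAYLOAD)))
    print("exec   :", repr(run_exec(PAYLOAD)))
```

Prefer the exec form: quoting is only correct if it is applied at every interpolation point, whereas an argument vector has no shell to parse metacharacters in the first place.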

[FD] QNAP QTS 4.2.x multiple vulnerabilities

2017-02-15 Thread Harry Sintonen
issues use external firewall to block the QNAP device from accessing the following external sites: ajax.googleapis.com www.imdb.com akas.imdb.com Credits --- The vulnerabilities were discovered by Harry Sintonen / F-Secure Oyj. Timeline 30.01.2016 discov

[FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)

2016-10-26 Thread Harry Sintonen
t2'16 special vulnerability release - Vulnerability: POINTYFEATHER aka Tar extract pathname bypass Credits: Harry Sintonen / FSC1V Cyber Security Services Date: 2016-10-27 Impact: File overwrite in certain situations