On Tue, 9 Jan 2024, Georgi Guninski wrote:
On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen wrote:
On Mon, 8 Jan 2024, Georgi Guninski wrote:
When extracting archives cpio (at least version 2.13) preserves
the setuid flag, which might lead to privilege escalation.
So does for example tar
On Mon, 8 Jan 2024, Georgi Guninski wrote:
When extracting archives cpio (at least version 2.13) preserves
the setuid flag, which might lead to privilege escalation.
So does for example tar. The same rules that apply to tar also apply to
cpio:
"Extract from an untrusted archive only into
. Upgrade to the NiceHash Miner 3.0.6.5 or later.
Credits
---
The vulnerability was discovered by Harry Sintonen / F-Secure Consulting.
Timeline
2021.03.28 discovered the vulnerability
2021.03.28 wrote a proof of concept exploit
2021.03.28 contacted NiceHash over secur
particular do
not
allow linefeed characters (ASCII characters 10 and 13) as-is.
End user mitigation
---
1. Use a dedicated browser session to access the web user interface.
Credits
---
The vulnerability was discovered by Harry Sintonen / F-Secure Consulting.
Timeline
effgeerling.com/blog/brief-history-ssh-and-remote-access
Credits
---
The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.
Timeline
2018.08.08 initial discovery of vulnerabilities #1 and #2
2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH
2018.0
-
1. Unrelated earlier privilege escalation vulnerability CVE-2017-6516 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6516
Credits
---
The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.
Timeline
2018.02.13 discovered the vuln
the issue fixed 2018-05-24.
Credits
---
The vulnerability was discovered by Harry Sintonen.
Timeline
2018.05.10 discovered the vulnerability
2018.05.10 reported the vulnerability via CERT-FI that forwarded it to foilChat
security contact
2018.05.24 foilCha
jar.txt
Vulnerable versions
---
The following GNU Wget versions are confirmed vulnerable:
- 1.7 thru 1.19.4
Mitigation
--
1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated
package
in your distribution
Credits
---
The vulnerability was discovered by Harry S
1. In aws-cfn-bootstrap `cfn-hup` command set the `DaemonContext` umask to 077.
2. For existing installations, run `chmod -R go-rwx /var/lib/cfn-hup` as root.
End user mitigation
---
1. Upgrade aws-cfn-bootstrap to 1.4-22.14.amzn1 or or later
2. chmod -R go-rwx /var/lib/cfn-hu
caping, or by
utilizing execl family of functions.
End user mitigation
---
- Install the firmware update version 4.2.4 build 20170313 or later.
OR
- Restrict access to the web user interface (ports 8080 and 443).
Credits
---
The vulnerabilities were discovered by H
issues use external
firewall to block the QNAP device from accessing the following
external sites:
ajax.googleapis.com
www.imdb.com
akas.imdb.com
Credits
---
The vulnerabilities were discovered by Harry Sintonen / F-Secure Oyj.
Timeline
30.01.2016 discov
t2'16 special vulnerability release -
Vulnerability: POINTYFEATHER aka Tar extract pathname bypass
Credits: Harry Sintonen / FSC1V Cyber Security Services
Date: 2016-10-27
Impact: File overwrite in certain situations
12 matches
Mail list logo