[info/news] holes inside Apps
26-10-2018, 04:24 (This post was last modified: 05-11-2018 23:23 by tele.)
Post: #1

[info/news] holes inside apps

xorg
Quote: Privilege escalation and file overwrite in X.Org X server 1.19 and later
...
when the X server is running with elevated privileges (ie when Xorg is installed with the setuid bit set.
https://lists.x.org/archives/xorg-announ...02927.html

===============
About suid https://www.linuxnix.com/suid-set-suid-linuxunix/

Inside Uplos
Code:
$ ls -l /usr/bin/Xorg
-rwxr-xr-x 1 root root 2439336 Nov  7  2015 /usr/bin/Xorg*

But variables are a weak point in programs. And I do not know if an ideal way to secure them all exists.
05-11-2018, 23:27 (This post was last modified: 05-11-2018 23:28 by tele.)
Post: #2

RE: [info/news] holes inside Apps
Twelve malicious Python libraries
Quote: All packages were put together and worked following a similar pattern. Their creator(s) copied the code of popular packages and created a new library, but with a slightly modified name. For example, four packages (diango, djago, dajngo, djanga) were misspellings of Django, the name of a very popular Python framework.
...
More in https://www.zdnet.com/article/twelve-mal...from-pypi/
09-11-2018, 01:37 (This post was last modified: 09-11-2018 01:48 by tele.)
Post: #3

RE: [info/news] holes inside Apps
VirtualBox

Leaky driver E1000 --> network card Intel PRO/1000 MT Desktop (82540EM) inside VirtualBox
Quote: Until the patched VirtualBox build is out you can change the network card of your virtual machines to PCnet (either of two) or to Paravirtualized Network. If you can't, change the mode from NAT to another one.
...
vulnerability allowing an attacker with root/administrator privileges in a guest to escape to a host ...
More in https://github.com/MorteNoir1/virtualbox_e1000_0day

Quote: e1000 driver is no longer maintained

https://www.intel.com/content/www/us/en/...ducts.html
09-12-2018, 04:17 (This post was last modified: 18-12-2018 14:40 by tele.)
Post: #4

RE: [info/news] holes inside Apps
Polkit
Holidays soon.
Free root access in holidays? :)
https://gitlab.freedesktop.org/polkit/polkit/issues/74

Edited:
From uplos (not updated)
Code:
bash-4.3$ service xinetd status
xinetd (pid  4359) is running...

bash-4.3$ service sshd status
openssh-daemon (pid  6673) is running...

bash-4.3$ id
uid=4000000000(bihol) gid=502(bihol) groups=502(bihol)

bash-4.3$ service sshd stop
Stopping sshd: Stopping sshd:                                                                         [  OK  ]
rm: cannot remove '/var/run/sshd-s.pid': Permission denied

bash-4.3$ service xinetd stop
rm: cannot remove '/var/run/xinetd.pid': Permission denied                                            [FAILED]
rm: cannot remove '/var/lock/subsys/xinetd': Permission denied

bash-4.3$ service sshd status
openssh-daemon (pid  6673) is running...

bash-4.3$ service xinetd status
xinetd (pid  4359) is running...
18-12-2018, 14:37 (This post was last modified: 18-12-2018 17:16 by tele.)
Post: #5

RE: [info/news] holes inside Apps
Firefox
The bug narrows down to a malicious website embedding an iframe inside their source code.
https://www.zdnet.com/article/malicious-...ed-to-fix/

Edited
In "uplos" you have to wait for a new version because the portable version has missing dependencies.
(unless you want to use the ESR release)
24-01-2019, 03:26
Post: #6

RE: [info/news] holes inside Apps
A few maybe not very important holes,
and why it is worth paying attention to them

Steam https://hackerone.com/reports/409850
- fixed

Apt-get susceptible to man-in-the-middle attack
https://thehackernews.com/2019/01/linux-...cking.html
- nothing new, this is a "man-in-the-middle attack"
- HTTPS is not new, it was something about a year ago, so maybe it is not set by default, but in Debian you can use it.

Curiosity about https
https://whydoesaptnotusehttps.com/

CPU - New "Undocumented Manufacturing Mode"
https://www.tomshardware.com/news/intel-...37883.html
- When I read about it, there was not enough information to write

Curiosity: one example of the lessons on how the internet works.
https://hacks.mozilla.org/2018/05/a-cart...ver-https/

Curiosity: Firefox and a new way for DNS
https://ungleich.ch/en-us/cms/blog/2018/...dangerous/
- it is not a vulnerability, but maybe you should know.

Think about your own safety and the people nearest to you.
Maybe you will install a sandbox for apps, maybe something else.
You must be aware that not everyone will want to use the Internet in a safe way.
Because sometimes it is more difficult. Especially for older people.
You must also be aware of the threat when you use Uplos.
Because packages are old, and part of the packages maybe will never be improved (for example apt-rpm)
http://apt-rpm.org/
30-01-2019, 19:10
Post: #7

RE: [info/news] holes inside Apps
Just interesting links to read about malware and spyware,
maybe they will be for you too.
https://www.gnu.org/proprietary/propriet...lance.html
https://www.gnu.org/proprietary/malware-games.html
24-03-2019, 00:54 (This post was last modified: 24-03-2019 00:55 by tele.)
Post: #8

RE: [info/news] holes inside Apps
libssh2
https://thehackernews.com/2019/03/libssh...ities.html
17-05-2019, 15:16 (This post was last modified: 17-05-2019 15:17 by tele.)
Post: #9

RE: [info/news] holes inside Apps
kernel
https://www.systemtek.co.uk/2019/05/linu...019-11815/
20-06-2019, 21:35 (This post was last modified: 20-06-2019 21:36 by tele.)
Post: #10

RE: [info/news] holes inside Apps
Firefox
Quote: JavaScript ... can allow for an exploitable crash.
https://www.mozilla.org/en-US/security/a...sa2019-18/


Kernel
(SACK)
https://github.com/Netflix/security-bull...019-001.md