Archive for the ‘linux security’ Category
A serious 5-year-old privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distro of the Linux operating system, including Red Hat and Ubuntu.
Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed “Dirty COW,” was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat,
An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties’ communications.
Even the latest Android Nougat Preview is considered to be vulnerable.
The security flaw was first
A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them.
How Does the Flaw Work?
Affected Software and Devices
- Virtually all distributions of Linux.
- Programming languages such as Python, PHP, and Ruby on Rails.
- Many others that use Linux code to look up the numerical IP address of an Internet domain.
- Most Bitcoin software is reportedly vulnerable, too.
Who are Not Affected
Where glibc went Wrong
“glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.”
“Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.”
Proof-of-Concept Exploit Released
Patch glibc Vulnerability
So what would anyone need to bypass password protection on your computer?
All it takes is hitting the backspace key 28 times, at least on a computer running the Linux operating system.
A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.
OpenSSH is the most popular software for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 password login attempts before closing a connection, but a
Researchers at Veracode examined whether enterprise applications were also vulnerable to the Ghost vulnerability in glibc.