HackDig : Dig high-quality web security articles for hackers

Security expert disclosed a full zero-day drive-by exploit for Linux leveraging SNES

The security expert Chris Evans has disclosed a zero-day exploit successfully tested on Ubuntu and Fedora distributions that may affect other distros. The security expert Chris Evans has disclosed a zero-day exploit for Ubuntu and Fedora distributions. The flaw is a full drive-by download exploit that may impact also other Linux distributions. The researcher
Publish At:2016-12-18 11:10 | Read:5925 | Comments:0 | Tags:Breaking News Hacking exploit Fedora full 0-day drive-by exp

Secure distribution of RPM packages

This blog post looks at the final part of creating secure software: shipping it to users in a safe way. It explains how to use transport security and package signatures to achieve this goal. yum versus rpm There are two commonly used tools related to RPM package management, yum and rpm. (Recent Fedora versions have replaced yum with dnf, a rewrite with simil
Publish At:2015-08-19 16:35 | Read:3358 | Comments:0 | Tags:Fedora Integrity Red Hat Enterprise Linux dnf RPM TLS yum

libuser vulnerabilities

It was discovered that the libuser library contains two vulnerabilities which, in combination, allow unprivileged local users to gain root privileges. libuser is a library that provides read and write access to files like /etc/passwd, which constitute the system user and group database. On Red Hat Enterprise Linux it is a central system component. What is be
Publish At:2015-07-23 15:35 | Read:4234 | Comments:0 | Tags:Fedora Red Hat Enterprise Linux Vulnerabilities CVE-2015-324

Single sign-on with OpenConnect VPN server over FreeIPA

In March of 2015 the 0.10.0 version of OpenConnect VPN was released. One of its main features is the addition of MS-KKDCP support and GSSAPI authentication. Putting the acronyms aside that means that authentication in FreeIPA, which uses Kerberos, is greatly simplified for VPN users. Before explaining more, let’s first explore what the typical login pr
Publish At:2015-06-18 11:35 | Read:4581 | Comments:0 | Tags:Cryptography Features Fedora Security authentication GSSAPI

VENOM, don’t get bitten.

CC BY-SA CrowdStrike QEMU is a generic and open source machine emulator and virtualizer and is incorporated in some Red Hat products as a foundation and hardware emulation layer for running virtual machines under the Xen and KVM hypervisors. CVE-2015-3456 (aka VENOM) is a security flaw in the QEMU’s Floppy Disk Controller (FDC) emulation. It can be exp
Publish At:2015-05-13 12:30 | Read:4326 | Comments:0 | Tags:Fedora Red Hat Enterprise Linux Vulnerabilities CVE CVE-2015

Samba vulnerability (CVE-2015-0240)

Samba is the most commonly used Windows interoperability suite of programs, used by Linux and Unix systems. It uses the SMB/CIFS protocol to provide a secure, stable, and fast file and print services. It can also seamlessly integrate with Active Directory environments and can function as a domain controller as well as a domain member (legacy NT4-style domain
Publish At:2015-02-23 19:35 | Read:4265 | Comments:0 | Tags:Fedora Red Hat Enterprise Linux Vulnerabilities CVE-2015-024

Before you initiate a “docker pull”

In addition to the general challenges that are inherent to isolating containers, Docker brings with it an entirely new attack surface in the form of its automated fetching and installation mechanism, “docker pull”. It may be counter-intuitive, but “docker pull” both fetches and unpacks a container image in one step. There is no verifi
Publish At:2014-12-20 05:25 | Read:3738 | Comments:0 | Tags:Fedora Red Hat Security Docker


Tag Cloud