HackDig : Dig high-quality web security articles for hacker

PaaS and continuous integration

Today I want to repost a great article first posted on sysadvent blog. I think it’s a great post that shows how to integrate different software to achieve a modern continuous integration. Original article written by: Paul Czarkowski (@pczarkowski), edited by: Dan Phrawzty (@phrawzty). Docker and the ecosystem around it have done some great things for d
Publish At:2016-11-19 20:55 | Read:1740 | Comments:0 | Tags:Articles Guides alias continuos integration ghost infrastruc

Exim Mail Server GHOST Exploit Now Available

On January 27, 2015, Qualys publicly released a security advisory in glibc’s gethostbyname set of functions, also known as GHOST, which exposes a heap-based buffer overflow affecting a wide range of operating systems and applications using glibc between versions 2.2 and 2.18. CVE-2015-0235 was assigned to this issue. The vulnerability was found during a code
Publish At:2015-04-30 03:25 | Read:1163 | Comments:0 | Tags:Latest from CoreLabs GHOST Vulnerability Advisory exploit

Oracle CPU Delivers 98 Fixes Across Product Line

Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is a vulnerability (CVE-2015-0457) that affects Oracle
Publish At:2015-04-15 17:55 | Read:930 | Comments:0 | Tags:Vulnerabilities GHOST Java SE Oracle oracle database Patch m

WordPress and the GHOST Vulnerability

On Jan. 27, Qualys released a security advisory for what it termed the “GHOST” vulnerability. This was a few hours after the vulnerability was mistakenly leaked by a public relations agency on a French mailing list, possibly forcing the company’s hand to release the advisory before it had planned to. The vulnerability is a buffer overflow v
Publish At:2015-03-06 16:20 | Read:977 | Comments:0 | Tags:Application Security Software & App Vulnerabilities Cyberatt

The GHOST vulnerability is a threat to critical business applications

Researchers at Veracode discovered that nearly 41% of enterprise applications using GNU C Library employ the Ghost-ridden ‘gethostbyname’ function. GNU C Library (glibc) vulnerability, named as the GHOST vulnerability, was released by Qualys Guard on 27th January 2015. Severity of this vulnerability is “CRITI
Publish At:2015-02-09 02:30 | Read:1290 | Comments:0 | Tags:Security enterprise applications gethostbyname Ghost GNU C l

Security Slice: GHOST in the Shell

At the end of January, security firm Qualys disclosed a new vulnerability they dubbed “GHOST” (CVE 2015-0235). GHOST is a critical vulnerability in glibc, the GNU C library, and it impacts Linux systems dating back to 2000. Red Hat listed GHOST in its CVE database as ‘critical’ with a CVSS v2 score of 6.8, and the media immediately began to compare GHOST to ot
Publish At:2015-02-05 03:35 | Read:1170 | Comments:0 | Tags:Security Slice GHOST Linux vulnerability

GHOST a 14 year old vulnerability in Linux

A new vulnerability called GHOST has been discovered by Qualys security researchers; it affects Linux-based systems in glibc-2.2 (GNU C Library) since 2000. Ghost allows an attacker to control a system without having any credentials. The vulnerability may exist on several servers including mail servers, MySQL-servers, SSH servers and even services processed
Publish At:2015-02-01 20:35 | Read:925 | Comments:0 | Tags:Vulnerabilities Vulnerabilities & attacks Ghost Vulnerabilit

Weekly Metasploit Wrapup: GHOST Exposures

No, I Will Not Make A Ghost Pun. This week was marked -- some might say mauled -- by the news of another cutely-named vulnerability, GHOST. I'm sure it's a huge deal and justified all of the ballyhoo surrounding it, so I won't get into all that. If you're looking for some technical background, please see Michal Zalewski's excellent analysis. Since w
Publish At:2015-01-31 02:50 | Read:1517 | Comments:0 | Tags:weekly-wrapup ghost yaml ruby wordpress

Critical Ghost bug could haunt WordPress and PHP apps, too

Add PHP applications and the WordPress Web platform to the list of wares that may be susceptible to the critical Linux vulnerability known as Ghost. As Ars reported Wednesday, the flaw res
Publish At:2015-01-30 23:00 | Read:1141 | Comments:0 | Tags:Risk Assessment Technology Lab ghost Linux php security word

GHOST Vulnerability In glibc – Everything You Need To Know

So the big panic in the past week or so has been about this GHOST vulnerability in glibc which under certain circumstances can allow remote code execution (serious business!). So we’ve had Heartbleed, POODLE and Shellshock and now we have awfully cute GHOST. What is it? The CVE for GHOST is – CVE-2015-0235, the technical explanation: Heap-based buffe
Publish At:2015-01-30 18:50 | Read:1307 | Comments:0 | Tags:Exploits/Vulnerabilities Linux Hacking ghost ghost exploit g

Ghost in the Machine: Linux Zero-Day Vulnerability Opens Door for Attack

On Tuesday, Jan. 27, a zero-day vulnerability (CVE-2015-0235) was disclosed in the Linux operating system that allows malicious code to be executed on servers that use the GNU C Library (glibc) functionality. Linux programs that contain glibc are also affected. The specific call, gethostbyname(), can be triggered by any type of Domain Name System (DNS) resol
Publish At:2015-01-29 19:40 | Read:1159 | Comments:0 | Tags:Software & App Vulnerabilities Vulns / Threats Ghost IBM X-F

Critical “GHOST” Vulnerability Released

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers with remote command execution. This security bug was discovered by Qualys security researchers and will probably cause a lot of headaches to those who won’t update right away. Where does the issue come from? This is a buffer overflow issue in glibc’s f
Publish At:2015-01-29 00:55 | Read:1001 | Comments:0 | Tags:Linux Server Website Security WordPress Security Ghost Vulne

Critical “GHOST” Vulnerability Released

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers with remote command execution. This security bug was discovered by Qualys security researchers and will probably cause a lot of headaches to those who won’t update right away. Where does the issue come from? This is a buffer overflow issue in glibc’s f
Publish At:2015-01-28 18:40 | Read:1097 | Comments:0 | Tags:Linux Server Website Security WordPress Security Ghost Vulne

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015, BeyondTrust Research Team. A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considerin
Publish At:2015-01-28 17:45 | Read:1028 | Comments:0 | Tags:Network Security Security Research Vulnerability Management

Not So Spooky: Linux “Ghost” Vulnerability

Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed GHOST and is the latest vulnerability to receive a “friendly” name, joining others like Heartb
Publish At:2015-01-28 17:40 | Read:1180 | Comments:0 | Tags:Exploits Vulnerabilities Ghost glibc Linux Vulnerability
