Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.
I wrote a role for managing MaraDNS with Ansible.
- Ansible 2.1+ (might ork with prior versions too)
- Debian-based Linux-distribution
ansible-galaxy install whotwagner.maradns
Check_MK is a great monitoring tool. One of it's strengths actually is, that it can automatically detect services and monitors it. I always monitored all public ip-addresses of my servers if they are listed on any dns-blacklist. I had to add new public ip's manually, so I reached out for a new solution. I found a nice little plugin in a GitHub-repository of HeinleinSupport. The plugin waIs great, but I missed two things.
A few months ago I published a vulnerability in OpenElecs updater. I successfully hacked remotely OpenElec version 6.x.x and 7.x.x . OpenElec 8 is available for a while and reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise Openelec-Updates and plant a reverse-shell on the target.
On Saturday the Debian Project announced the release of Debian 9 "Stretch". This means that Jessie will be oldstable and Wheezy won't recieve any updates anymore. So it's time to dist-upgrade.
In kernel-programming we should avoid doing call_usermodehelper() which allows to execute a command from kernel-space. And sometimes we even want to call this function within a systemcall. Normally, we really don't wanna do this. But, desperate times require extraordinary methods.
When I first tried to execute call_usermodehelper() within a systemcall() I got a kernel failure. So I googled and what I found was:
Eric Dumazet of Google found a very dangerous remote execution bug in the Linux Kernel. It's located in the recv-syscall with the MSG_PEEK-flag set. Attackers can remotely execute code on the target..
I used a google-dork to find vulnerable software:
And found some possible targets: