21 December 2019
This year I want to wish you a merry Christmas by creating a blog entry for a Raspberry Pi Christmas project. The “christmas-machine” displays “Merry Christmas” and wishes for the “Christkind” on a TFT display for the Raspberry Pi. It is possible to send Christmas wishes using a web application that can be accessed via Wi-Fi. I placed this installation in the coffee kitchen at the office, and it was very nice to see that my colleagues had a lot of fun with it.
Blessings to “Brother Patrick”, who donated that wonderful Joy-IT TFT display to me.
11 December 2019
I gave a talk at the BSides 2019 Vienna about PHP Object Injection. Here is the abstract of this talk:
2 December 2019
Identifier: AIT-SA-20191129-01
Target: OkayCMS
Vendor: OkayCMS
Version: all versions including 2.3.4
CVE: CVE-2019-16885
Accessibility: Local
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Summary
OkayCMS is a simple and functional content management system for an online store.
2 December 2019
Identifier: AIT-SA-20191112-01
Target: FreeRadius
Vendor: FreeRadius
Version: all versions including 3.0.19
Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
CVE: CVE-2019-10143
Accessibility: Local
Severity: Low
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Summary
7 November 2019
I started this blog five years ago. In the beginning I mostly wrote articles about sysadmin and programming. Now it’s also filled with security-related stuff. It’s fascinating for me to have a history of my interests. It’s sad that my spare time has become rare, and so it happens that I don’t write much lately. My intention for the next 5 years is to be more consistent with writing articles.
4 October 2019
Overview
- Identifier: AIT-SA-20190930-01
- Target: GitLab Omnibus
- Vendor: GitLab
- Version: 7.4 through 12.2.1
- Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
- CVE: CVE-2019-15741
- Accessibility: Local
- Severity: Low
- Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Vulnerability Description
GitLab Omnibus sets the ownership of the log directory to the system-user “git”, which might let local users obtain root access because of unsafe interaction with logrotate.
7 May 2019
Overview
- System affected: Debian packages of groonga/-httpd 6.1.5-1
- Software-Version: 6.1.5-1
- User-Interaction: Not required
- Impact: Local root
- CVE: CVE-2019-11675
7 May 2019
This year I gave a talk at Easterhegg 2019 about a Linux kernel rootkit that can handle containers. I mainly presented my bachelor's work from 2017 with some improvements.
1 May 2019
Logrotate is prone to a race condition on systems with a log directory that is under the control of a low-privileged user. A malicious user could trick logrotate into creating files in any directory if it is executed as root. This might lead to privilege escalation.