10 December 2017
Over the last few weeks I worked on Suricata's configuration parser and fixed a couple of minor bugs. Some of them made it into the new Suricata 4.0.3 release.
17 November 2017
If you type in a wrong command, bash-insulter will insult you badly.
9 November 2017
A few weeks ago I started cmus to read in all my music and it crashed badly. I wondered how this could happen and started to investigate. I figured out that it crashed with a segfault. After compiling it with debugging symbols and running it in gdb, I located the bug in the libcue library and also found the reason: libcue doesn't handle Unicode files, and one of my cue files was Unicode-encoded. So libcue started to detect a lot of "bad characters" before it segfaulted. The following lines of code led to memory corruption:
7 November 2017
Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.
28 August 2017
I wrote a role for managing MaraDNS with Ansible.
Requirements
- Ansible 2.1+ (might work with prior versions too)
- Debian-based Linux-distribution
20 August 2017
Check_MK is a great monitoring tool. One of its strengths is that it can automatically detect services and monitor them. I have always monitored whether any of my servers' public IP addresses are listed on a DNS blacklist. I had to add new public IPs manually, so I looked for a new solution. I found a nice little plugin in a GitHub repository of HeinleinSupport. The plugin was great, but I missed two things. First, it checks all IPv4 addresses of a server, including private addresses, and second, it uses hardcoded DNSRBL servers. So I modified the script so that it checks only public addresses and can use an ini file if one exists (otherwise it still uses the hardcoded DNS servers). My modified version, check_mk-rbl, is available on GitHub.
25 June 2017
A few months ago I published a vulnerability in OpenELEC's updater. I successfully hacked OpenELEC versions 6.x.x and 7.x.x remotely. OpenELEC 8 has been available for a while and has reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is man-in-the-middle can remotely compromise OpenELEC updates and plant a reverse shell on the target.
18 June 2017
On Saturday the Debian Project announced the release of Debian 9 "Stretch". This means that Jessie will be oldstable and Wheezy won't receive any updates anymore. So it's time to dist-upgrade.
4 June 2017
In Linux kernel 4.11 a new system call, statx(), was introduced. The old stat() system call is used to get metadata (like size, permissions and so on) of files and directories. stat() lacks functionality for remote filesystems and collects all the information about a file at once, which might lead to slow operations. statx() is a new implementation of stat. The caller can request specific information (like just the size of a file) to speed up the call. If the filesystem is a remote filesystem, it is possible to let statx() first sync with the remote server before requesting the information (or just be fine with the cached information). Another nice feature is that statx() can also be used to get extra file attributes, like "is the file encrypted or compressed?".