TLS via SMTP is opportunistic which makes connections vulnerable to man-in-the-middle-attacks. In order to prevent mitm-attacks, DANE could be used. The sender-server will first check the domain-records if dnssec is in use(and valid) and if a TLSA-record is published(and valid). If a TLSA-record is valid and matches with the certificate of the recipient-server the connection could be encrypted and the encryption is verified.
- System affected: suricata
- Software-Version: prior to 4.1
Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.
- System affected: Suricata-Update
- Software-Version: 1.0.0a1
- User-Interaction: Not required
- Impact: Remote-Code-Execution
The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" per default. Suricata-Update uses the insecure yaml.load()-function which could lead to remote code execution.
A few months ago I published a vulnerability in OpenElecs updater. I successfully hacked remotely OpenElec version 6.x.x and 7.x.x . OpenElec 8 is available for a while and reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise Openelec-Updates and plant a reverse-shell on the target.
Eric Dumazet of Google found a very dangerous remote execution bug in the Linux Kernel. It's located in the recv-syscall with the MSG_PEEK-flag set. Attackers can remotely execute code on the target..
I used a google-dork to find vulnerable software:
And found some possible targets:
The latest wikileaks revealings gave also insights about an interesting bug in cisco products. No I am not talking about the bug in the Cisco Cluster Management Protocol (CMP). I am talking about the open telnet ports.Ten years ago it was already recommended to use ssh instead and there are still so many devices out t
During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec.
Many years ago, someone mentioned on a congress that apache has an interesting feature: if apache doesn't know a file-extension, it will just take the next one. If someone saves a file called "shell.php.ab", apache would not know what to do with the extension ".ab". So it will just skip this one and uses the next one and the file "evil.php.ab" becomes "evil.php" and gets executed.