Found 130 bookmarks
Custom sorting
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
OUTLAW is a persistent yet unsophisticated auto-propagating coinminer package observed across multiple versions over the past few years [1], [2], [3], [4]. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels. This persistence highlights how botnet operators can achieve widespread impact without relying on sophisticated techniques.
#elastic#EN#2025#OUTLOW#linux#malware#analisys
·elastic.co·
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure
This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response Ubuntu has released the following advisory and fix: https://ubuntu.com/security/CVE-2025-0927
#ssd-disclosure#EN#2025#CVE-2025-0927#Linux#kernel#hfsplus#slab-out-of-bounds#Write
·ssd-disclosure.com·
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.
#ambionics#EN#2024#cve-2024-2961#glibc#linux#PHP
·ambionics.io·
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
Shc Linux Malware Installing CoinMiner
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
#asec#2023#EN#Shell#Script#Compiler#analysis#Linux#Malware#CoinMiner#Shc
·asec.ahnlab.com·
Shc Linux Malware Installing CoinMiner
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Shc Linux Malware Installing CoinMiner
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
#asec#2023#EN#Shell#Script#Compiler#analysis#Linux#Malware#CoinMiner#Shc
·asec.ahnlab.com·
Shc Linux Malware Installing CoinMiner
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation