Security

620 readers
1 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray@programming.dev
listing: all - local
1
0
CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (seclists.org)
submitted 2 months ago by 0x0@programming.dev to c/security@programming.dev
3 comments fedilink
 
 

Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

2
0
Cloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their product (blog.cloudflare.com)
submitted 2 months ago by kryllic@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the false statement, and they have, so far, ignored our requests. This is yet another warning sign that they cannot be trusted.