Posts
-
oath-toolkit: privilege escalation in pam_oath.so (CVE-2024-47191)
oath-toolkit contains libraries and utilities for managing one-time password (OTP) authentication e.g. as a second factor to password authentication. Its pam_oath.so PAM module performs unsafe operations in directories potentially controlled by unprivileged users, leading to possible privilege escalation. -
pcp: pmcd network daemon review (CVE-2024-45769), (CVE-2024-45770)
Performance Co-Pilot (PCP) is a system for collecting system performance data and sharing it over the network. We performed a review of its main networking daemon component pmcd, which resulted in the finding of two CVEs and a couple of other noticeable aspects. -
SUSE Security Team Spotlight Summer 2024
Although there have been no major security findings in recent months, the SUSE security team has not been inactive. We revisited a couple of packages like Deepin desktop D-Bus services and the Croc file sharing tool, we finalized leftover KDE6 topics, checked up on our openSSH downstream patches, reviewed an age old Emacs setuid binary and looked into an OpenVPN kernel module. -
gnome-remote-desktop: D-Bus system service in GNOME release 46 (CVE-2024-5148)
A newly added D-Bus system service for gnome-remote-desktop release 46 exposes the remote desktop private SSL certificate to other local users. -
dnf5daemon-server: Incomplete fix of CVE-2024-1929 (CVE-2024-2746)
The dnf5 D-Bus daemon security issues we found previously have been incompletely fixed. This allows for local DoS, possibly Privilege Escalation. -
KDE6 release: D-Bus and Polkit Galore
In the context of the KDE desktop version 6 major release we looked into a series of D-Bus services using Polkit for authentication. This led to a couple of interesting findings and insights. -
dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components
The dnf5 D-Bus service component allows local attackers with access to the system bus to gain root privileges or trigger denial-of-service. -
Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917)
The pcp performance analysis toolkit operates as root in directories controlled by the pcp service user, which allows to escalate privileges from pcp user to root. -
darkhttpd: timing attack and local leak of HTTP basic auth credentials
This report deals with HTTP basic auth issues in the darkhttpd project. Darkhttpd is a minimal HTTP web server implemented in the C programming language, for serving static files. -
pam: pam_namespace misses O_DIRECTORY flag in protect_dir() (CVE-2024-22365)
This is report about a local denial of service vulnerability in the pam_namespace.so PAM module. This module is part of the core PAM modules that are found in the linux-pam project. -
budgie-extras: Multiple Predictable /tmp Path Issues in Various Applications
This report is about a range of predictable /tmp path issues in various applications in the budgie-extras repository. This repository contains a range of helper applications for the Budgie desktop environment. -
hplip: Security Issues in hpps Program due to Fixed /tmp Path Usage
This report is about the problematic use of fixed temporary paths in the hpps program from the hplip project. Hplip is a collection of utilities for HP printer and scanner devices. -
Security Issues in Passim Local Caching Server
This is a report about findings in the Passim local caching server. Passim is a relatively new project for a local caching server that helps distributing publicly available files in local networks to save network bandwidth. -
File Descriptor Hijack vulnerability in open-vm-tools (CVE-2023-34059)
During a routine review of the setuid-root binary vmware-user-suid-wrapper from the open-vm-tools repository, a security vulnerability was found. CVE-2023-34059 identifies the capability to hijack file descriptor in open-vm-tools. -
check_smart.pl: unprivileged user can alter hard drive settings (CVE-2021-42257)
check_smart.pl from version 6.1 through 6.9 contained insufficient input validation that allowed any unprivileged local user to modify SMART settings, disable SMART monitoring entirely, shut down a drive or degrade a drive's performance by disabling its read cache.
subscribe via RSS