AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...

What is the WireGuard VPN protocol?

In layman’s terms, a VPN uses encryption to create a private online connection between a device and a VPN server. With a good VPN service, you can shield your data from curious eyes. A VPN protocol is the set of rules that shapes how your data travels between your computer, mobile phone, tablet, ...

UVI-2021-1000806 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commi...

GSD-2021-1000806 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commi...

UVI-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...

GSD-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...

VPN protocols explained and compared

A Virtual Private Network VPN creates a safe "tunnel" between you and a computer you trust normally your VPN provider to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that dont us...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...

Updated kernel packages fix security issues

This kernel update is based on upstream 5.10.25 and fixes at least the following security issues: Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract...

OPENSUSE-SU-2021:0452-1 Security update for connman

This update for connman fixes the following issues: Update to 1.39 boo1181751: Fix issue with scanning state synchronization and iwd. Fix issue with invalid key with 4-way handshake offloading. Fix issue with DNS proxy length checks to prevent buffer overflow. CVE-2021-26675 Fix issue with DHCP...

Security update for connman (moderate)

openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0452-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...

openSUSE Security Update : connman (openSUSE-2021-416)

This update for connman fixes the following issues : Update to 1.39 boo1181751 : - Fix issue with scanning state synchronization and iwd. - Fix issue with invalid key with 4-way handshake offloading. - Fix issue with DNS proxy length checks to prevent buffer overflow. CVE-2021-26675 - Fix issue...

OPENSUSE-SU-2021:0416-1 Security update for connman

This update for connman fixes the following issues: Update to 1.39 boo1181751: Fix issue with scanning state synchronization and iwd. Fix issue with invalid key with 4-way handshake offloading. Fix issue with DNS proxy length checks to prevent buffer overflow. CVE-2021-26675 Fix issue with DHCP...

Security update for connman (moderate)

openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0416-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...

Updated kernel and kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefreespace ...

CVE-2020-9429

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value...

Node.js third-party modules: [wireguard-wrapper] Command Injection via insecure command concatenation

I would like to report a Command Injection issue in the wireguard-wrapper module. It allows to execute arbitrary commands on the victim's PC. Module module name: wireguard-wrapper version: 1.0.2 npm page: https://www.npmjs.com/package/wireguard-wrapper Module Description This project is a nodejs...

MGASA-2020-0162 Updated kernel packages fix security issues

This update is based on upstream 5.5.15 and fixes some security related issues related to use after free and null pointer dereferences and also some other bugfixes. Other fixes in this update: - WireGuard module has been updated to v1.0.20200401 - ndiswrapper has been fixed and re-enabled mga2643...

Updated kernel packages fix security issues

This update is based on upstream 5.5.15 and fixes some security related issues related to use after free and null pointer dereferences and also some other bugfixes. Other fixes in this update: - WireGuard module has been updated to v1.0.20200401 - ndiswrapper has been fixed and re-enabled...

MGASA-2020-0156 Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.5.14 and fixes at least the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to include/trace/events/lock.h CVE-2019-19769. Manfred Paul discovered that the bpf verifier i...