10 matches found
Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
In this article 1. Why Dirty Frag matters 2. Technical overview 3. Exploitation scenarios 4. Mitigation guidance 5. Post-mitigation integrity verification 6. References A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged...
Backdoored XZ Utils (CVE-2024-3094)
On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils liblzma. The backdoor, added by an...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the domremap call that allows software to create a virtual memory area VMA with a length of 0 bytes. This...
ImageMagick's Overflow
ImageMagick's Overflow Rosiello Security's Advisory & DTORS http://www.rosiello.org I. BACKGROUND The ImageMagick display is an image viewer. ImageMagick is part of the KDE desktop and is bundled with all major Linux distributions. II. DESCRIPTION A vulnerability was found in this application tha...