Vulnerability Description Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow exists in the way net/packet/af_packet.c processes AF_PACKET, which leads to out-of-bounds write, thereby escalating privileges. An attacker could exploit this vulnerability to gain system root privileges from unprivileged processes. This vulnerability may affect...
Tag: Linux Vulnerability
Linux Kernel Multiple Remote Denial-of-Service Vulnerabilities Threat Alert
Overview Recently, Red Hat released a security bulletin, pointing out multiple TCP-based remote denial-of-service vulnerabilities in the Linux kernel, namely, a SACK Panic vulnerability of important severity and two other vulnerabilities of moderate severity. (more…)
Linux apt/apt-get Remote Code Execution (RCE) Vulnerability (CVE-2019-3462) Threat Alert
Overview On January 22, 2019, local time, security researcher Max Justicz announced his discovery of a remote code execution (RCE) vulnerability in Linux apt/apt-get. This vulnerability stems from the APT's failure to properly handle certain parameters involved in HTTP redirects. It can be triggered via a man-in-the-middle attack or a...
