OpenLogic by Perforce’s Post

A critical exploit rated 10 on NIST (Same score as Log4Shell) has been discovered that effects many bleeding edge Linux distributions. This backdoor is in the api library "liblzma" which is used by many tools including SSH Daemon. This backdoor has been added by a malicious open source contributor. It is also not visible on the source code and the malicious code is added during build time as a test file. What is more interesting is that the person who discovered this (Andres Freund) noticed this exploit just because of a minor delay on a ssh login and a small cpu spike.

Ubuntu Security Notice USN-6834-1: Ubuntu Security Notice 6834-1 - It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to execute arbitrary code.

New Linux kernel cross-cache attack allows arbitrary memory writes https://trib.al/p5abXwE

👾 𝐇𝐨𝐰 𝐭𝐨 𝐂𝐨𝐧𝐯𝐞𝐫𝐭 .𝐛𝐢𝐧 𝐅𝐢𝐥𝐞𝐬 𝐭𝐨 𝐂 𝐀𝐫𝐫𝐚𝐲𝐬 𝐚𝐧𝐝 𝐁𝐚𝐜𝐤 𝐔𝐬𝐢𝐧𝐠 𝐱𝐱𝐝 𝐨𝐧 𝐋𝐢𝐧𝐮𝐱 👾 In my last post on this topic, I demonstrated how to read and store .bin files using C++, which is particularly useful for integrating binary data into C++ projects, as I did in Waffles Crypt. However, I wanted a faster and easier way to convert C-style arrays in text files back to .bin files and vice versa that could be used in Linux. The solution to this was the Linux tool xxd! You can visit my blog post to copy the commands and learn more: https://lnkd.in/dGPhjsrU Hope you learnt something new with this! Happy Hacking! :D

Virtual machines, CTFs, and Linux servers—quite the trio, aren't they? What's the common thread among them? An avenue for educational exploration in the realm of infosec, naturally. Recently, I've been guiding my students through the realms of Linux and networking using Raspberry Pis and live USBs. Following some enlightening conversations with friends who create CTF challenges, I stumbled upon Offensive Security's vulnerable virtual machine, Metasploitable. Inspired, I repurposed an old server, outfitted it with Linux Mint, and layered VirtualBox on top. Then, I configured the Metasploitable VM. Tomorrow, my students will engage in friendly competition, delving deep into the Metasploitable box to test their skills against one another. #ctfs #education #infosec #offensivesecurity #tryharder 👉🏼 Gerald Auger, Ph.D. Shlomie Levinger 🇮🇱🇺🇲 Moses David Klein

Kernel threads are not an exception for adversaries to leverege! As malware could be masqueraded kernel threads to evade the process forensics. By using some nnuances it can also be discovered. I tried explaining those processes in this video. #linux #forensics #dfir #kernelthread https://lnkd.in/g42SSpN7

Ubuntu Security Notice USN-6629-1: Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

https://lnkd.in/g5AiKt3q This week, we bring you a roundup of exciting updates from #Armbian. From kernel enhancements to device-specific improvements, there’s plenty to dive into. #linux #ai #foss #software #community #debian #ubuntu #archlinux #kernel #yocto #buildroot

Ubuntu Security Notice USN-6596-1: Ubuntu Security Notice 6596-1 - It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information.

A malicious backdoor has been discovered in the libxz compression library which is widely used in linux distributions. The supply chain attack results in compromising OpenSSH. The official CVE is listed here: https://lnkd.in/dz7T2GtH Fortunately, it appears to have been caught relatively early and most Linux distributions are not affected (still on earlier versions of libxz). Version 5.6 is affected. Earlier versions are not. The command xz -V will show which version is in use on your system. Worth running the same command on your Mac if you’re using homebrew also. The vulnerability utilises a well obfuscated supply chain attack and the attack vector itself is very interesting. More details can be found here: https://lnkd.in/dXJXJQek or Low Level Learning has an interesting video on it if you prefer: https://lnkd.in/dAfg7AWE