
DSA-2384 cacti – multiple vulnerabilities

Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands. @debian_security: DSA-2384 cacti – http://goo.gl/g86kW #debian


Potential Malicious Activity or DDoS with SSH – /bin/false is NOT security

Hacker Jordan Sissel wrote a very informative and interesting article about SSH security and the old-school practice of using /bin/false to restrict shell access. Many system administrators are under the incorrect assumption that simply changing an account’s shell to /bin/false renders the account unusable. This is a fallacy. In addition, such a configuration could actually […]


A known PHP vulnerability that allows file path injection is getting more popular – affects PHP <= 5.3.6

Vulnerability ID: CVE-2011-2202

A known vulnerability discovered in 2011 affecting many PHP versions has been getting more use recently. As new variations of exploits emerge, even novice hackers are able to use it without much skill. The vulnerability itself is an input validation error which could allow anyone to remotely inject an arbitrary file into […]


Moderate: openssl security update

Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the […]


Sudo format string vulnerability – affects versions 1.8.0 through 1.8.3p1

Summary: A flaw exists in the debugging code in sudo versions 1.8.0 through 1.8.3p1 that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges. Sudo versions affected: 1.8.0 through 1.8.3p1 inclusive. Older versions of sudo are not affected. CVE ID: This vulnerability has been assigned CVE-2012-0809 in the Common […]


Linux vendors rush to patch privilege escalation flaw after root exploits emerge – affects kernel >=2.6.39

Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to […]


DNSSEC Error Caused NASA Website To Be Blocked

The hazards of early DNSSEC adoption: A misconfiguration in NASA’s Domain Name System Security Extensions (DNSSEC) implementation on its website caused Comcast’s network to block users from the site last week. This is a glaring example of the difficulties in today’s mostly manual process of configuring DNS servers to support the new security protocol that […]


Hackers Breached Railway Network, Disrupted Service

Hackers attacked computers at an unidentified railway company, disrupting railway signals for two days in December, according to a government memo obtained by Nextgov. According to the memo, train service on the unnamed railroad located in the Pacific Northwest “was slowed for a short while” on Dec. 1, and rail schedules were delayed about […]
