Tag
#linux
## Summary By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions. The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as _Issue B: Bitcoin SPV Merkle Proofs Can Be Faked_. A mitigation was believed to have been in place, but this turned out to contain an error, and the issue had not been effectively mitigated. ### Details This is achieved by creating a 64-byte transaction that the fraudulent transaction treats as a node in its merkle proof: The attacker creates the malicious transaction `E` and calculates an unusual but valid transaction `D`, so that the last 32 bytes of `D` are a part of the merkle proof of `E`: ``` D = foo | hash256(E') E' = bar | hash256(E) ``` `foo` and `bar` are arbitrary 32-byte values selected to facilitate this attack. The attacker can then publish `D` and wait for it to be mined. A valid SPV proof for `D` ...
This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using the script key. In order to exploit the vulnerabilities, the following requirements must be met: Run a version of Apache Commons Text from version 1.5 to 1.9, use the StringSubstitutor interpolator, and the target should run JDK versions prior to 15.
Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via io_uring.
Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-0299-03 - An update for python-requests is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-0266-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.
Firefox version 121 and Chrome version 120 may both suffer from a minor denial of service issue with file downloads.
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a "few strange binaries," according to software supply chain security firm Phylum, including a single
This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.
This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).