#ssh

### Impact The malicious user is able to update a crafted `config` file into repository's `.git` directory with to gain SSH access to the server. All installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Repository file updates are prohibited to its `.git` directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds N/A ### References N/A ### For more information If you have any questions or comments about this advisory, please post on #6555.

### Impact The malicious user is able to upload a crafted `config` file into repository's `.git` directory with to gain SSH access to the server. All Windows installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Repository file uploads are prohibited to its `.git` directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds [Disable repository files upload](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L128-L129). ### References https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/ ### For more information If you have any questions or comments about this advisory, please post on #6968.

Our new EDR for Linux offering extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. The post Introducing EDR for Linux: Remediating and isolating threats on Linux servers appeared first on Malwarebytes Labs.

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

Red Hat Security Advisory 2022-4870-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.10.0 ESR. Issues addressed include a buffer overflow vulnerability.

By Deeba Ahmed In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices (in this case, vulnerable security cameras)… This is a post from HackRead.com Read the original post: New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in recent releases to address other concerns as well.

During an **X25519** key exchange, the client’s private is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes]; rnd.NextBytes(_privateKey); ``` Source: [KeyExchangeECCurve25519.cs](https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51) Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3 [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random) is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. ### Impact When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the com...

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.