"Stack shielding" software has been developed on the promise of preventing exploitation of buffer overflow vulnerabilities that make use of stack smashing techniques. We discovered that all of them present basic design limitations as well as some implementation flaws.

Date: Tue, 23 Apr 2002 19:44:51 -0300
From: Iván Arce
To: BUGTRAQ@
Cc: core.lists.vulnwatch@corest.com
Subject: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies

CORE SECURITY TECHNOLOGIES Advisory

Multiple vulnerabilities in stack smashing protection technologies

Date Published: 2002-04-23
Last Update: 2002-04-23
Advisory ID: CORE-20020409
Bugtraq ID: Not assigned yet
CVE CAN: Not assigned yet
Title: Multiple vulnerabilities in stack smashing protection technologies.
Class: Design limitation, Implementation flaw
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vendors contacted: 2002-04-15
- Immunix: Yes
- Microsoft: Yes
- Stack Smashing Protection (SSP), formerly ProPolice: Yes
- StackShield: No, all attempts to notify the maintainers via email failed. No other contact information was found (the website has not been updated since January 8th, 2000).
Release Mode: COORDINATED RELEASE

Vulnerability Description:

In the past years, several technologies (in the form of software packages) have been developed to protect programs against exploitation of buffer overflow vulnerabilities. These technologies aim at detecting and preventing the execution of hostile code that takes advantage of software security vulnerabilities by overwriting a critical portion of a running program's memory known as the stack.
The techniques used to exploit this type of vulnerability have been discussed at length in the past years and, although they have been used for years in malicious code, notably the famous Robert T. Morris worm in 1988 [1], were initially introduced to the security community at large in the pioneering articles "Smashing the stack for fun and profit" [2] written by Aleph1 and "How to write buffer overflows" by Mudge [3].

Technologies to detect and prevent "stack smashing" exploit code were presented thereafter, notably at the 1998 USENIX Security conference [4]. "Stack shielding" software has been developed on the promise of preventing exploitation of buffer overflow vulnerabilities that make use of the stack smashing techniques.

Several other techniques to exploit buffer overflows that DO NOT make use of stack overwriting or code execution on the stack have been presented during the past years. Techniques that exploit vulnerabilities by overwriting or otherwise abusing other memory portions of a running program are described in Solar Designer's "Getting around non-executable stack (and fix)" [5], "Advanced return-into-lib(c) exploits (PaX case study)" [6] and "w00w00 on Heap Overflows" [7].

However, for the purpose of this advisory we will focus on the stack protection mechanisms and claim that the current technologies do not provide adequate protection:

Stack shielding protections have been misunderstood: they only protect against a particular type of stack smashing exploitation, namely return address overwrites, NOT generic stack smashing attacks as they claim.
This has been demonstrated in the past, as in "Bypassing StackGuard and StackShield" [8] and "Vulnerability in ImmuniX OS Security Alert: StackGuard 1.21 Released" [9].

We studied the three most visible "stack shielding" technologies:

- Wirex StackGuard
- StackShield (https://www.angelfire.com/sk/stackshield/download.html)
- Stack Smashing Protection (SSP, formerly ProPolice), from Hiroaki Etoh

as well as the recently introduced /GS stack protecting mechanism incorporated into Microsoft's Visual C++ .NET as part of the Visual Studio .NET product family. Information about the feature and details on how it works are available from Microsoft.

We discovered that all of them present basic design limitations as well as some implementation flaws.

Our conclusion is that although "stack shielding" technologies present a valuable means to prevent execution of certain forms of malicious code, those technologies should not be thought of as a solution to the problem of buffer overflow vulnerabilities in general, and not even as a solution to some simple stack smashing techniques used to exploit those vulnerabilities.

Stack shielding mechanisms do not suffice to ameliorate the effects of badly written software and could give a false sense of security with devastating effects, if not considered as part of a general security strategy that includes secure design methodologies, secure programming practices, strict and well defined security testing processes and the implementation of fixes and patches, as well as the use of ad hoc technologies to prevent exploitation of existing vulnerabilities, publicly known or otherwise.

Vulnerable Packages:

StackShield up to, and including, v0.7-beta is vulnerable to #1, #3 and #4.
StackGuard 1.2 and 2.0.1 (included in Immunix 7.0) are vulnerable to all the described methods.
StackGuard 1.21 is not vulnerable to #2.
Other StackGuard versions were not tested and are suspected to be vulnerable as well.
Programs compiled with the Microsoft Visual C++ .NET /GS compiler switch are still exploitable by using the techniques described in problem #1. Exploitation using #2, #3 and #4 is only possible if the attacker can guess or brute-force the correct value of the "cookie"; the existence of heuristics for doing that is not in the scope of this advisory.
SSP (ProPolice) is NOT vulnerable to any of the described exploitation methods.

Solution/Vendor Information/Workaround

Wirex's Immunix StackGuard. Wirex's official response is: The upcoming next release of StackGuard, version 3.0, fixes problems #2, #3 and #4 by moving the terminator canary to a position between the frame pointer and all local variables. Problem #1 is not part of StackGuard's threat model, that is, StackGuard is not designed to protect against exploitation before the vulnerable function exits.

Microsoft Visual Studio .NET /GS: Refer to Microsoft's white paper describing the design and implementation of the /GS switch.

StackShield: N/A

ProPolice/SSP: SSP is NOT vulnerable to any of the problems described.

Credits:

These vulnerabilities were discovered and researched by Gerardo Richarte from CORE Security Technologies. Pioneering work and ideas were introduced by Richarte and many others (see the references section) in various information security mailing lists and publications as far back as 1999. We wish to thank Crispin Cowan and Seth Arnold from Wirex (Immunix) for their quick response addressing this report.

Technical Description - Exploit/Concept Code

As stated previously, we have identified two basic design limitations in the current stack smashing protection technologies:

First, they only protect data located in memory "above" the first safeguarded address.

Second (and we think this is a more serious limitation), they only check for attacks after the called vulnerable function finishes, right before returning from it, so exploitation is possible BEFORE exiting the vulnerable function.
In addition to this, StackGuard and StackShield have an implementation flaw: they protect the stack starting at the return address, leaving the saved frame pointer unprotected.

In our study we found four different tricks to bypass stack smashing protections. The first one is an extension of that described in the previously referenced articles and is a direct consequence of the design limitations. The other three result from abusing frame pointer overwrites, and may be corrected by introducing some changes in the protection mechanisms.

Control of function's arguments

In [8] and [9] a method to exploit stack based buffer overflows on stack protected programs is presented. In the example, a local pointer is used to write to arbitrary memory locations within the program's memory space. This technique can be extended to exploit the fact that in standard C compiled programs, function arguments are located in the stack at "higher" addresses than the return address:

lower addresses
[ local variables ]
[ saved frame pointer ]
[ CANARY (0x000dff0a) ]
[ return address ]
[ function's arguments ]
higher addresses

Controlling a function's arguments can effectively turn a stack protected function into an exploitable program by turning the arguments into a "write-anything-anywhere" primitive. Once the attacker has the ability to "write anything, anywhere" it is trivial to bypass stack protection mechanisms.

The following program will function as proof of concept code:

gera@vaiolent:~src/sg/tests$ cat > sg1.c
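The frame layout above and the vendor fix described in the Wirex response (canary moved between the frame pointer and the locals) can be compared in a small model. The C below is an added example written for this page, not the advisory's sg1.c and not StackGuard's code; it assumes 4-byte slots and a one-word local buffer, and the layout and function names are ours.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model (not StackGuard's code) of a 32-bit x86 frame: one 4-byte word per slot,
 * listed from lower to higher addresses, with the overflowable local buffer in slot 0. */
enum slot { SLOT_LOCAL, SLOT_CANARY, SLOT_SAVED_FP, SLOT_RET_ADDR, SLOT_ARG };
#define WORD   4
#define NSLOTS 5

struct frame_layout {
    const char *name;
    enum slot order[NSLOTS];   /* order[0] sits at the lowest address */
};

/* Layout in the advisory's diagram: the canary sits between saved FP and return address. */
const struct frame_layout LAYOUT_SG2 = { "StackGuard 2.0",
    { SLOT_LOCAL, SLOT_SAVED_FP, SLOT_CANARY, SLOT_RET_ADDR, SLOT_ARG } };
/* Fix from the vendor response: canary between the frame pointer and all local variables. */
const struct frame_layout LAYOUT_SG3 = { "StackGuard 3.0",
    { SLOT_LOCAL, SLOT_CANARY, SLOT_SAVED_FP, SLOT_RET_ADDR, SLOT_ARG } };

struct overflow_result { bool canary_hit, saved_fp_hit, ret_hit, arg_hit; };

/* A write of 'len' bytes that starts at the local buffer reaches slot i iff len > i * WORD.
 * Note that arguments (slot 4) lie above the canary in both layouts: an overflow that reaches
 * them trips the canary, but only at the epilogue, after the function has used them. */
struct overflow_result simulate_overflow(const struct frame_layout *l, size_t len) {
    struct overflow_result r = { false, false, false, false };
    for (size_t i = 0; i < NSLOTS && len > i * WORD; i++) {
        switch (l->order[i]) {
        case SLOT_CANARY:   r.canary_hit = true;   break;
        case SLOT_SAVED_FP: r.saved_fp_hit = true; break;
        case SLOT_RET_ADDR: r.ret_hit = true;      break;
        case SLOT_ARG:      r.arg_hit = true;      break;
        default: break;
        }
    }
    return r;
}

/* The implementation flaw: control data (saved FP or return address) corrupted while the
 * canary, which is only compared in the function epilogue, is still intact. */
bool silent_corruption(const struct frame_layout *l, size_t len) {
    struct overflow_result r = simulate_overflow(l, len);
    return (r.saved_fp_hit || r.ret_hit) && !r.canary_hit;
}

/* Smallest overflow length that trips the canary check; 0 if the layout has no canary. */
size_t min_detected_len(const struct frame_layout *l) {
    for (size_t i = 0; i < NSLOTS; i++)
        if (l->order[i] == SLOT_CANARY) return i * WORD + 1;
    return 0;
}

int main(void) {
    const struct frame_layout *layouts[] = { &LAYOUT_SG2, &LAYOUT_SG3 };
    for (int k = 0; k < 2; k++) {
        const struct frame_layout *l = layouts[k];
        printf("%s: canary first tripped by a %zu-byte overflow\n", l->name, min_detected_len(l));
        for (size_t len = WORD; len <= NSLOTS * WORD; len += WORD) {
            struct overflow_result r = simulate_overflow(l, len);
            printf("  %2zu bytes: canary=%d fp=%d ret=%d arg=%d%s\n", len, r.canary_hit,
                   r.saved_fp_hit, r.ret_hit, r.arg_hit,
                   silent_corruption(l, len) ? "  <- saved FP overwritten, check still passes" : "");
        }
    }
    return 0;
}
```

With the 2.0 layout an 8-byte overflow reaches the saved frame pointer without touching the canary, while the 3.0 layout trips the check at 5 bytes; in neither layout does the check run before the function returns, which is the design limitation the advisory's problem #1 exploits.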
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.

The shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. The approach exploits power-save mechanisms in endpoint devices to trick access points into leaking data frames in plaintext, or encrypting them using an all-zero key. "The unprotected nature of the power-save bit in a frame's header [...] also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack," the researchers noted. In other words, the goal is to leak frames from the access point destined to a victim client station by taking advantage of the fact that most Wi-Fi stacks do not adequately dequeue or purge their transmit queues when the security context changes.

The link for this article located at The Hacker News is no longer available.

Brittany Day
A recent research paper by a team at the University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernel that can be exploited to attack DNS servers. According to the researchers, the issue with DNS is rooted in its design, which never really took security as a key concern, making it extremely hard to retrofit strong security features into it.

While DNS security features are available, including DNSSEC and DNS cookies, they are not widely deployed due to backward compatibility concerns, say the researchers. Instead, the only approach to making DNS more secure has been the randomization of UDP ports, known as ephemeral ports, with the aim of making it harder for an attacker to discover them. As a result, several attacks on DNS have been discovered in the past, including the recent SAD DNS, a variant of DNS cache poisoning that allows an attacker to inject malicious DNS records into a DNS cache, thus redirecting any traffic to their own server and becoming a man-in-the-middle (MITM).

Brittany Day
Hector Martin, a hacker who is porting Linux to Apple Silicon Macs through Asahi Linux, has discovered a novel covert channel vulnerability on the M1 chip, calling it 'M1RACLES'; it is tracked as CVE-2021-30747. The flaw lies in the design of the chip itself, allowing any two applications running under an OS to covertly exchange data between them without using memory, sockets, files, or any other features that are meant to be used for data exchange. "While this shouldn't be allowed as it bypasses OS security layers, it is nothing to worry about in practice."

This problem applies even if the two intercommunicating processes belong to different users and run at different privilege levels. Because this vulnerability is bound to the chip itself, it doesn't matter if the user is running macOS, or Linux, or OpenBSD, or anything else on it. Every M1 device is affected by M1RACLES, and the only mitigation that can address the issue is to run the entire OS as a virtual machine. Obviously, this would impact performance greatly, but would it be worth it? Is M1RACLES that serious to call for such a drastic measure?

Brittany Day
Several serious theoretical and practical security vulnerabilities, alleged GPL license violations, and more were found in Astaro "secure" Linux. Joerg Luebbert writes, "Some of the vulnerabilities might be local and some might argue about that Astaro Security Linux is a Firewall and no server... but as it uses SSHD it could always be that the "loginuser" account might have been compromised and shell access granted."

Date: Sat, 02 Feb 2002 19:40:08 +0100
From: Jörg Lübbert
To: bugtraq@
Subject: Vulnerabilities in Astaro Security Linux 2.016

Preamble:

Product: Astaro Security Linux
Version: 2.016
Vendor: Astaro AG
Vendor URL:
Vendor status and reply: Vendor has been contacted with posting of this message

Description:

Astaro develops and distributes the firewall solution Astaro Security Linux. Astaro Security Linux offers extensive protection for local networks against hackers, viruses and other risks of connecting to the Internet. Astaro Security Linux is distributed by a worldwide network of partners who offer local support regarding installation and maintenance.

Introduction:

Dear BugTraq readers. I've taken a short glimpse at Astaro Security Linux and found out some points of interest that are mostly design flaws. Please note that I am theorising (based on 1 1/2 hours of research only) about the impacts and have not proven their concepts on Astaro Security Linux yet, even though most can be proved easily. Some of the vulnerabilities might be local and some might argue that Astaro Security Linux is a firewall and not a server...
but as it uses SSHD it could always be that the "loginuser" account might have been compromised and shell access granted.

Vulnerabilities:

Summary:
5 Design flaws
2 Completely theorised design flaws
1 Possible design flaw
1 Licensing violation
1 Software bug

Category 1: Design flaw
Problem 1: Astaro Security Linux chroots various daemons like snmpd and named in an insecure manner. The proc filesystem is mounted within their chroot jails. Furthermore the chroot jail entitled chroot-ipsec provides the proc file system, a bash, ls, cat and most notably mount.
Impact 1: Arbitrary users could cause severe damage by breaking named or snmpd remotely and by misusing the proc file system to reconfigure certain parts of the system configuration under proc/sys. Furthermore proc/kcore could be read to obtain information stored in memory which could lead to system administrator privileges. These could for instance be DES encrypted passwords, which leads to another design flaw.
Exploit 1: None provided

Category 2: Design flaw
Problem 2: Astaro Security Linux uses the DES algorithm as its standard hashing scheme. DES has turned very old and is known to be easily crackable with modern processing power.
Impact 2: Arbitrary users who obtain encrypted passwords (see 1) could retrieve a 6 letter clear-text password within just some hours using modern processing power and use it to compromise the system.
Exploit 2: None provided

Category 3: Design flaw
Problem 3: Astaro Security Linux runs most of its daemons with UID 0 privileges. Affected daemons are: named or snmpd. These daemons run in a chroot jail.
Impact 3: Arbitrary users could remotely crack one of the affected daemons and use UID 0 powers to compromise the whole file system even if these daemons run in a chroot jail.
Additional note 3-1: The main design flaw lies in that these daemons run as UID 0 within a chroot jail. The daemons themselves are not the design flaw (even though BIND 8.2.3 can be considered old).
Additional note 3-2: Other daemons with UID 0 are syslogd, klogd, mdw_daemon.pl, cron, aua and sshd. The VPN subsystem, SQUID and others haven't been checked by me.
Exploit 3: None provided

Category 4: Possible design flaw
Problem 4: OpenSSL PRNG Internal State Disclosure Vulnerability
Impact 4: Please see:
Exploit 4: None provided
Additional note 4: It was NOT tested if the version of OpenSSL (0.9.6) used in Astaro Security Linux is a security-patched version of OpenSSL 0.9.6 since no sources were provided (5)

Category 5: Licensing violation
Problem 5: Astaro AG releases software packages without providing their sources and modifications to them as required in §3 of the GNU GPL and neither seems to offer distribution of GPL sources for free within a 3 year period in written form.
Additional note 5: I have not checked every available documentation for a written form of an offer as described in GNU GPL §3 b but only their license (which should normally contain just that) and CD-ROM contents.

Category 6: Design flaw
Problem 6: Astaro Security Linux has a default limit for simultaneous processes of 8190 soft and 8912 hard and its default cpu-time is "unlimited".
Impact 6: Arbitrary users with local access (loginuser) can easily launch fork bombs to consume 100% CPU power and stop the system from operating.
Exploit 6: None provided

Category 7: Completely theorised design flaw
Problem 7: Astaro Security Linux uses a very old version of PAM (0.70 dated 09.10.1999) which may contain vulnerabilities.

Category 8: Design flaw
Problem 8: /proc/version indicates "Linux version 2.4.8-asl-0.010815.0", which indicates the 2.4.8 version of the Linux kernel that contains some security vulnerabilities. Additional information on possible vulnerabilities can be found here:
Impact 8: Various, see above URLs.
Exploit 8: None provided
Additional note 8: Due to absence of source code it could not be proved if this kernel is patched against the security issues mentioned above.
Category 9: Completely theorised design flaw
Problem 9: Astaro Security Linux seems to rely on an old version of glibc according to ls -l /lib/libc*.
Output: -rwxr-xr-x 1 root root 1080268 Sep 15 2000 libc.so.6
If my assumption is correct and the version used was not patched, it could be possible that the system is vulnerable to a "glibc file globbing heap corruption vulnerability". For more information please see:
Impact 9: See URL above
Exploit 9: None provided

Category 10: Software bug (OT for Bugtraq, still included;)
Problem 10: During installation one can choose to install OpenSource software only or OpenSource software and the so called Astaro Security Enterprise Toolkit. When only "OpenSource" was chosen, the installer locks up after entry of the last password (I think this was for lilo). If my assumption is right (that a lilo password is asked for) then no lilo password will be set even though the Enterprise Toolkit was selected and the installation finished successfully.
Additional note 10: System tested on was an 800MHz Duron, 128MB RAM, 20GB Maxtor HD, 52X CD-ROM, 3X RTL 8139.

Final words:

Conclusion, a final word to the Astaro AG: So much about a "Security Linux"... You may have done the firewalling and the configuration interface of your product real good... but you should also read some articles on what could be considered more internal security and work on your products some more.

Disclaimer: None of the information provided is meant to aid any destructive purposes. I will furthermore take no responsibility for anyone using the information provided for his or her own malicious purposes. This information is intended to aid in improving the current state of Astaro Security Linux, warn companies and individuals who run Astaro Security Linux and should help other designers of Linux distributions to avoid flaws like the ones elaborated on above.
Please also note that I am in no way affiliated with Astaro AG or any of their 3rd party affiliates or want to harm Astaro AG and/or their customers.

- Jörg Lübbert (aka Kaladis)
--
Kaladix Linux - The Secure Linux Distribution
URL:

LinuxSecurity.com Team
A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products.

The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute.

The link for this article located at CSO Online is no longer available.

LinuxSecurity.com Team
The cryptographic protocols used to secure data moving across the web are putting users at risk due to design flaws that date back many years. Given the current push to encrypt everything in response to revelations of government surveillance, it's important that the protocols being used to do the job are actually secure.

The problem is that these protocols often aren't up to the task, a problem that researchers at the European Union Agency for Network and Information Security (ENISA) are aiming to remedy.

The link for this article located at ZDNet Blogs is no longer available.

LinuxSecurity.com Team
Renowned German code-breaker Karsten Nohl, who uncovered a design flaw in around 750 million SIM cards around the world leaving them vulnerable to hack attacks, told RT that phone users are helpless against hackers.

The link for this article located at RT is no longer available.

LinuxSecurity.com Team