Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Stay Ahead With Linux Security News

4.Lock AbstractDigital Esm H350
Network SecurityPrice Tag 1security advisory networking

For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
1 min read Network Security
Mini Shai Hulud Suuply Chain Hero Esm H350
Network SecurityPrice Tag 1open-source python

Researchers recently identified another wave of malicious packages on PyPI linked to the broader Mini Shai-Hulud campaign, a worm-like supply chain attack that spread through trusted software packages. On the surface, the packages looked no different from thousands of others published to the repository each week. . Instead of trying to break into a target network directly, the attackers hid malicious code inside software that developers were already using. A few downloads are all it takes....
4 - 7 min read Network Security
Ironworm Hero Esm H350
Security Vulnerabilities Price Tag 1malware linux

IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
4 - 7 min read Security Vulnerabilities
14.Lock Code WorldMap Esm H350
Network SecurityPrice Tag 1system security Linux network

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
3 - 5 min read Network Security
2.Motherboard Esm H350
Server SecurityPrice Tag 1open-source Linux administration

Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
3 - 6 min read Server Security
Filter Icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -3 articles for you...
210
1.Penguin Landscape Esm H240
Price Tag 1security advisoryupdatecritical

Linux Kernel Netfilter Vulnerability: CVE-2024-26925 Critical DoS Threat

A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential risks to systems worldwide. The vulnerability, CVE-2024-26925 , arises from improperly releasing a mutex within the garbage collection (GC) sequence of nf_tables. It could potentially lead to race conditions and compromise the stability and security of the Linux kernel. . What Is the Impact of This Vulnerability on Linux Security? The technical details of the vulnerability and its impact on the Linux kernel's security should be highlighted. During the critical section, the commit mutex must not be released between nft_gc_seq_begin() and nft_gc_seq_end. The async GC worker could collect expired objects and get the released commit lock within the same GC sequence if this occurs. The implications of this kernel flaw are severe for systems utilizing the nf_tables for network packet filtering. Thus, admins and users should apply the latest updates to safeguard their systems. This proactive patching underscores the Linux community's commitment to security and stability and the importance of staying updated and informed on Linux security patches and best practices. For Linux admins, infosec professionals, internet security enthusiasts, and sysadmins, this vulnerability could have substantial long-term consequences for their systems and networks. It raises questions about the overall security of the Linux kernel and prompts critical analysis of the patching process and its effectiveness. However, the implications of this vulnerability extend beyond the immediate need for patching, elevating the importance of understanding and addressing potential weaknesses in open source and Linux security . This article aims to ensure that users are aware of their risks and equipped to take necessary actions to mitigate potential threats. Our Final Thoughts on This Critical Kernel Bug The critical vulnerability identified in the Linux kernel's netfiltersubsystem underscores the ongoing challenges in maintaining robust security measures for open-source software. The implications of this vulnerability on systems worldwide necessitate a heightened focus on proactive security measures, patching, and ongoing monitoring to ensure the resilience of Linux environments. This article aims to provide valuable insights and takeaways for the global community of Linux admins, infosec professionals, internet security enthusiasts, and sysadmins by emphasizing the impact of this flaw on security practitioners and offering actionable mitigation recommendations. . This critical weakness in the Linux kernel presents considerable dangers, requiring immediate response from system administrators and cybersecurity personnel.. Linux Kernel, Netfilter, Critical Risk, DoS, Security Update. . Brittany Day

Calendar 2 Apr 30, 2024 User Avatar Brittany Day Security Vulnerabilities
77
General Esm H240
Price Tag 1security advisorysendmailrace condition

RAZOR: Mod Risk Advisory for Sendmail Unsafe Signal Handling

Sendmail signal handlers used for dealing with specific signals (SIGINT, SIGTERM, etc) are vulnerable to numerous race conditions, including handler re-entry, interrupting non-reentrant libc functions and entering them again from the handler (see "References" for more details on this family of vulnerabilities). This set of vulnerabilities exist because of unsafe library function calls from signal handlers (malloc, free, syslog, operations on global buffers, etc).. . .. Sendmail signal handlers used for dealing with specific signals (SIGINT, SIGTERM, etc) are vulnerable to numerous race conditions, including handler re-entry, interrupting non-reentrant libc functions and entering them again from the handler (see "References" for more details on this family of vulnerabilities). This set of vulnerabilities exist because of unsafe library function calls from signal handlers (malloc, free, syslog, operations on global buffers, etc). RAZOR advisory: Unsafe Signal Handling in Sendmail Issue Date: May 28, 2001 Contact: Michal Zalewski Topic: Sendmail signal handlers used for dealing with specific signals are vulnerable to numerous race conditions. Affected Systems: Any systems running sendmail (tested on sendmail 8.11.0, 8.12.0-Beta5) Details: Sendmail signal handlers used for dealing with specific signals (SIGINT, SIGTERM, etc) are vulnerable to numerous race conditions, including handler re-entry, interrupting non-reentrant libc functions and entering them again from the handler (see "References" for more details on this family of vulnerabilities). This set of vulnerabilities exist because of unsafe library function calls from signal handlers (malloc, free, syslog, operations on global buffers, etc). As sendmail is setuid root and can be invoked by user, and - moreover - keeps running with root privileges almost all the time, there is no problem with delivering signals at a specific moment. It is worth mentioning that not only sendmail issuspectible to have this kind of problems. Moreover, in some situations, unsafe signal handlers can be even exploited remotely, by delivering SIGURG over TCP stream (OOB message). Whenever SIGURG is handled in remote daemons in verbose way using unsafe functions, this is an exploitable condition. Note, sendmail is not vulnerable to this. Impact: One of the attack paths we can see is delivering SIGTERM while sendmail is working in 'verbose debugging' mode (-d switch). SIGTERM handler works less or more this way: - ... - syslog(...) call with user-dependent information - ... - fclose(...) - free(...) - free(...) - ... - exit(...) This is important that syslog() function effectively calls malloc() code to allocate a temporary buffer. As exactly the same handler is used for SIGINT, and there is no re-entry protection in this handler, we can reach appropriate (usually the second) free() call, and deliver SIGTERM. Then, already free()d memory will be overwritten with user-dependent data from syslog() buffer, as new memory chunk would fit in the place of free()d buffers. Then, duplicate free() attempt on the memory region containing user-dependent data will be performed, which would lead to program execution path compromise. This is a difficult race, but can be attempted numerous times. Note that avoiding re-entry into signal handler is not the only thing that has to be done. Other possibilities include e.g. re-entering functions like malloc() - in this case, signal has to be delivered only once, in the middle of malloc() call. That would lead to heap corruption. Any functions that are not reentrant should be protected in a special way or not used at all in signal handlers. Vendor response / fix info: From This email address is being protected from spambots. You need JavaScript enabled to view it.: We agree with Michal Zalewski's comments regarding the possibility of heap corruption due to signal delivery. We do not believe the heap corruption to beeasily exploitable due to the complexity involved with timing and the little control the user has over the contents of memory in the signal handler. This is different than buffer overflows attacks which occur on the stack and allow users to insert specific instructions at a known location. At the present time, there is no proof that this is exploitable as there are no known exploits. However, the corruption could crash the process and we have taken measures to reduce this possibility in 8.11.4. We have eliminated the ability to reenter a signal handler making the attack discussed above impossible. Additionally, sendmail 8.12 will no longer require a set-user-id root binary. Note that this attack can only be used by a process started by the user and therefore can not be used as a denial of service attack and also is not remotely exploitable. The information regarding remote attacks and SIGURG does not apply to sendmail as SMTP does not use out of band messages. References: For more information on signal delivery race conditions, please refer to RAZOR whitepaper at: . The signal management in Sendmail for interrupts like SIGINT and termination signals such as SIGTERM demonstrates susceptibility to unsafe states, potentially exposing the system to risks.. sendmail signal handling,race conditions,signal vulnerabilities. . LinuxSecurity.com Team

Calendar 2 May 29, 2001 User Avatar LinuxSecurity.com Team Server Security
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here