The Linux operating system, widely acclaimed for its robustness and security, recently received widespread media attention due to a significant kernel vulnerability, CVE-2024-43856. The issue involves a race condition in the dmam_free_coherent() function, which could allow race condition-based attacks against various kernel versions. In this article, I'll describe this flaw, its potential impacts, and various kernel vendors' attempts to address its risks with security patches.

Understanding This Vulnerability

This vulnerability is a race condition, in which system stability and security depend on uncontrollable events occurring at random times and in random sequences. The race was discovered within the Linux kernel's dmam_free_coherent() function, caused by an incorrect order of operations when freeing Direct Memory Access allocations and managing the associated resources.

DMA (Direct Memory Access) is an integral feature that enables hardware devices to move data directly between system memory and hardware devices without going through the CPU, significantly increasing performance and improving overall system reliability. However, if an issue arises with DMA, such as that seen in CVE-2024-43856, this process can become compromised, leading to incorrect memory access, data corruption, unexpected behavior, or even system crashes.

Exploitation and Impact

An attacker would need to carefully time their operations to coincide with the kernel reallocating DMA memory, freeing and reallocating it at specific moments. If successful, devres_destroy() might prematurely free an entry, causing WARN_ON() assertion errors within dmam_match(), which forms part of the Linux kernel's DMA management subsystem. An exploit of this nature is certainly no simple matter, as it requires in-depth knowledge of kernel internals and the ability to manipulate or anticipate the exact timing of events within a targeted system.
A race condition could enable an attacker with such skills to write arbitrary data into CPU memory, unquestionably posing a severe security threat.

What Patches & Solutions Are Available?

In response to this threat, Greg Kroah-Hartman submitted a patch written by Lance Richardson from Google, designed to mitigate the DMA allocation vulnerability by swapping the order of operations within dmam_free_coherent(). The function now ensures that the tracking data structure is deleted using devres_destroy() before the DMA allocation is freed via dma_free_coherent(). This restructuring is essential: it removes the chance that a concurrent task could interfere with the cleanup process, closing the window through which an attacker could exploit the race condition.

This patch received approval from key Linux kernel contributors such as Christoph Hellwig and Sasha Levin for inclusion in the mainline Linux kernel, providing users with assurance regarding its stability and reliability.

Admins should apply this patch as soon as possible to safeguard their systems. They can do so through their Linux distribution's package management system, using the standard package updates that include the CVE-2024-43856 fix. Administrators on Debian-based systems or Red Hat-based servers can use commands such as apt-get or yum to update kernel packages, with updates downloaded and installed automatically. This makes it simple even for less experienced administrators to secure their servers. After installing a kernel update, a reboot is required for it to take effect. Administrators should plan this reboot carefully to minimize disruption to services and users.

Our Final Thoughts on This DMA Security Vulnerability

CVE-2024-43856 underscores the complexities associated with low-level system administration. Although the Linux kernel is widely recognized for its stability and security, its component modules occasionally exhibit flaws.
What sets the Linux community apart is how quickly flaws such as CVE-2024-43856 can be addressed, as demonstrated by the proactive development and deployment of the patches needed to fix it. System administrators must remain vigilant in installing kernel updates promptly to protect their Linux systems against potential threats.

Brittany Day
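To make the ordering problem in the article above concrete, here is an added example; it is not code from the article or from the Linux kernel, but a single-threaded model of the devres bookkeeping around dmam_free_coherent(). The names dmam_free_coherent, dma_free_coherent, devres_destroy and dmam_match mirror the kernel functions the article mentions; the one-slot allocator, the device structure, the task labels 'A' and 'B', the run() driver and the newest-first lookup order are assumptions of the model. Task A frees a managed buffer while task B allocates one of a different size. In the pre-patch order the free happens first, so B can obtain the same vaddr and add its own node; devres_destroy() then matches on vaddr, removes B's node, trips the size-mismatch WARN_ON() in dmam_match(), and leaves A's stale node live, which would free memory B still owns when the device's resources are released. In the patched order the node is gone before the memory becomes reusable, so none of that can happen.

```c
/* Added example (not kernel code): model of CVE-2024-43856's ordering bug.
 * Allocator, device struct, owners 'A'/'B' and lookup order are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t dma_addr_t;

/* One devres node: what is tracked per managed DMA allocation. */
struct dma_devres {
    size_t size;
    void *vaddr;
    dma_addr_t dma_handle;
    char owner;   /* hypothetical: task that made the allocation */
    int live;     /* hypothetical: node is still on the list */
};

#define MAX_DEVRES 8
struct device {
    struct dma_devres devres[MAX_DEVRES];
    int n;        /* nodes added so far, in list order */
};

/* Toy coherent allocator with a single slot, so a free followed by an
 * allocation hands out the same vaddr and dma_handle again. */
static unsigned char coherent_pool[256];
static int pool_in_use;
static int warn_count;   /* WARN_ON() hits inside dmam_match() */

static void *dma_alloc_coherent(size_t size, dma_addr_t *handle)
{
    if (pool_in_use || size > sizeof coherent_pool)
        return NULL;
    pool_in_use = 1;
    *handle = 0x1000;
    return coherent_pool;
}

static void dma_free_coherent(void *vaddr)
{
    (void)vaddr;
    pool_in_use = 0;     /* the address is reusable from here on */
}

/* Same shape as the kernel's dmam_match(): vaddr is the key, and a size or
 * handle mismatch for an equal vaddr is what trips its WARN_ON(). */
static int dmam_match(const struct dma_devres *this, const struct dma_devres *match)
{
    if (this->vaddr != match->vaddr)
        return 0;
    if (this->size != match->size || this->dma_handle != match->dma_handle)
        warn_count++;
    return 1;
}

/* Walk newest-first (assumed). The real devres_destroy() returns an int;
 * this model returns the removed node so the caller can see whose it was. */
static struct dma_devres *devres_destroy(struct device *dev, const struct dma_devres *match)
{
    for (int i = dev->n - 1; i >= 0; i--) {
        if (dev->devres[i].live && dmam_match(&dev->devres[i], match)) {
            dev->devres[i].live = 0;
            return &dev->devres[i];
        }
    }
    return NULL;
}

static void *dmam_alloc_coherent(struct device *dev, size_t size, dma_addr_t *handle, char owner)
{
    void *vaddr = dma_alloc_coherent(size, handle);
    if (!vaddr || dev->n == MAX_DEVRES)
        return NULL;
    dev->devres[dev->n] = (struct dma_devres){ size, vaddr, *handle, owner, 1 };
    dev->n++;
    return vaddr;
}

struct outcome {
    int warnings;     /* WARN_ON() hits in dmam_match() */
    int wrong_node;   /* devres_destroy() removed B's node instead of A's */
    int stale_nodes;  /* A's nodes still live: each would later free B's memory */
};

/* fixed_order == 0: pre-patch call order; 1: patched order. */
static struct outcome run(int fixed_order)
{
    struct device dev = {0};
    struct outcome out = {0};
    dma_addr_t ha, hb;
    pool_in_use = 0;
    warn_count = 0;

    void *va = dmam_alloc_coherent(&dev, 128, &ha, 'A');
    struct dma_devres match = { 128, va, ha, 'A', 1 };
    struct dma_devres *removed;

    if (fixed_order) {
        removed = devres_destroy(&dev, &match);   /* bookkeeping goes first */
        dma_free_coherent(va);
        dmam_alloc_coherent(&dev, 64, &hb, 'B');  /* B sees a clean list */
    } else {
        dma_free_coherent(va);                    /* vaddr reusable too early */
        dmam_alloc_coherent(&dev, 64, &hb, 'B');  /* B lands in the window */
        removed = devres_destroy(&dev, &match);   /* newest match is B's node */
    }

    out.warnings = warn_count;
    out.wrong_node = removed != NULL && removed->owner == 'B';
    for (int i = 0; i < dev.n; i++)
        if (dev.devres[i].live && dev.devres[i].owner == 'A')
            out.stale_nodes++;
    return out;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct outcome o = run(fixed);
        printf("%s order: warnings=%d wrong_node=%d stale_nodes=%d\n",
               fixed ? "patched " : "original", o.warnings, o.wrong_node, o.stale_nodes);
    }
    return 0;
}
```

Build with any C99 compiler (for example cc -std=c99 -Wall) and run it: the pre-patch order reports one warning, the wrong node removed and one stale node, while the patched order reports zeros for all three. The model is deliberately sequential; the interleaving that a second CPU would have to hit by chance is written out as a plain function call so the effect of the order is reproducible.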
Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Elm (Electronic Mail for Unix), a venerable e-mail client still used by many Linux and Unix sysadmins, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux. The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according to security researchers.

Adding to the flaw's potential impact, exploit code has begun circulating on the Internet, according to FrSIRT, the French Security Incident Response Team, which published sample code on its site. The flaw affects Elm version 2.5 PL7 and earlier, and has been fixed in a new update, version 2.5 PL8. A patched version is available via Elm-related websites, or from operating system vendors such as Red Hat.

LinuxSecurity.com Team
Two vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious local users to cause a DoS (Denial of Service) or bypass certain security restrictions.

1) The "setsockopt()" function is not restricted to privileged users with the "CAP_NET_ADMIN" capability. This can be exploited to bypass IPsec policies or set invalid policies in order to exploit other vulnerabilities or exhaust available kernel memory.

2) An error in the "syscall32_setup_pages()" function on 64-bit x86 platforms can be exploited to cause a memory leak by executing a malicious 32-bit application with specially crafted ELF headers.

1) The vulnerability has been fixed in version 2.6.13-rc7.

2) The vulnerability has been fixed in version 2.6.13-rc4.

The link for this article located at Secunia is no longer available.

LinuxSecurity.com Team
Linux distributor Suse has warned of one of the most serious security holes to date in version 2.6 of the Linux kernel, which could allow attackers to shut down a system running 2.6-based software.

The 2.6 kernel, completed at the end of last year, brings a number of enterprise-friendly features to Linux, but is still in the early stages of rolling out in commercial products. While a number of Linux vendors have released software for technical enthusiasts running the new kernel, Novell-owned Suse is one of the few offering an enterprise product based on 2.6.

The link for this article located at Matthew Broersma is no longer available.

LinuxSecurity.com Team
A Raleigh, North Carolina cable news channel shut down a Web application designed to allow local schools and businesses to report weather-related closings last week, after a handful of puckish university students discovered they could use it to add textual graffiti to the station's newscast. Before the system was shut down, viewers tuning into Time Warner Cable's News 14 Carolina for updates on last week's record-breaking snow storm could read in the text ticker on the lower third of the screen that a company called "h4x0r3d Computer Services Inc." was among the businesses that would be shuttered the next morning because of the storm.

According to screen shots saved by observers, other messages sprinkled among the genuine closings that rotated through the ticker included "1337 5p34k Linguistic Services," "All Your Base Are Belong To Us," and a note that "Tutone Inc." would be closed, and employees should call "Jenny at 867-5309" for more details.

"We immediately implemented changes to the system," says News 14's Charlie Schell. "It was a Web-based system that we had used two, almost three years, with nobody taking advantage of it." Before a submitted announcement would appear on the air, it had to be approved by a reviewer, said Schell.
But once approved, the system allowed a business to change its name and the details of the closing through the website without any further human attention. "They didn't actually get in there or compromise any of our equipment... They just signed up as a legitimate business, and then changed their information half-an-hour later," Schell says.

The link for this article located at is no longer available.

LinuxSecurity.com Team
CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities

Original release date: January 13, 2004
Last revised: --
Source: CERT/CC, NISCC

A complete revision history can be found at the end of this file.

Systems Affected

* Many software and hardware systems that implement the H.323 protocol. Examples include
  + Voice over Internet Protocol (VoIP) devices and software
  + Video conferencing equipment and software
  + Session Initiation Protocol (SIP) devices and software
  + Media Gateway Control Protocol (MGCP) devices and software
  + Other networking equipment that may process H.323 traffic (e.g., routers and firewalls)

Overview

A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks.

I. Description

The U.K. National Infrastructure Security Co-ordination Centre (NISCC) has reported multiple vulnerabilities in different vendor implementations of the multimedia telephony protocol H.323. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic.

A test suite developed by NISCC and the University of Oulu Security Programming Group (OUSPG) has exposed multiple vulnerabilities in a variety of implementations of the H.323 protocol (specifically its connection setup sub-protocol H.225.0). Information about individual vendor H.323 implementations is available in the Vendor Information section below, and in the Vendor Information section of NISCC Vulnerability Advisory 006489/H323.

The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is tracking this issue as VU#749342. This reference number corresponds to CVE candidate CAN-2003-0819, as referenced in Microsoft Security Bulletin MS04-001.

II. Impact

Exploitation of these vulnerabilities may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot.

III. Solution

Apply a patch or upgrade

Appendix A and the Systems Affected section of Vulnerability Note VU#749342 contain information provided by vendors for this advisory. However, as vendors report new information to the CERT/CC, we will only update VU#749342. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly.

Filter network traffic

Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be filtered include

* 1720/TCP
* 1720/UDP

If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering all types of network traffic that are not required for normal operation is recommended.

It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations, such as Cisco Security Advisory 20040113-h323 and Microsoft Security Bulletin MS04-001, certain sites may actually want to disable application layer inspection of H.323 network packets.

Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated.

Appendix A. - Vendor Information

This appendix contains information provided by vendors for this advisory. Please see the Systems Affected section of Vulnerability Note VU#749342 and the Vendor Information section of NISCC Vulnerability Advisory 006489/H323 for the latest information regarding the response of the vendor community to this issue.

3Com: No statement is currently available from the vendor regarding this vulnerability.
Alcatel: No statement is currently available from the vendor regarding this vulnerability.
Apple Computer Inc.: Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain the issue described in this note.
AT&T: No statement is currently available from the vendor regarding this vulnerability.
Avaya: Please see the NISCC Vulnerability Advisory 006489/H323 at
Borderware: No statement is currently available from the vendor regarding this vulnerability.
Check Point: No statement is currently available from the vendor regarding this vulnerability.
BSDI: No statement is currently available from the vendor regarding this vulnerability.
Cisco Systems Inc.: Please see https://www.cisco.com/site/us/en/index.html
Clavister: No statement is currently available from the vendor regarding this vulnerability.
Computer Associates: No statement is currently available from the vendor regarding this vulnerability.
Cyberguard: Please see the NISCC Vulnerability Advisory 006489/H323 at
Debian: No statement is currently available from the vendor regarding this vulnerability.
D-Link Systems: No statement is currently available from the vendor regarding this vulnerability.
Conectiva: No statement is currently available from the vendor regarding this vulnerability.
EMC Corporation: No statement is currently available from the vendor regarding this vulnerability.
Engarde: No statement is currently available from the vendor regarding this vulnerability.
eSoft: We don't have an H.323 implementation and thus aren't affected by this.
Extreme Networks: No statement is currently available from the vendor regarding this vulnerability.
F5 Networks: No statement is currently available from the vendor regarding this vulnerability.
Foundry Networks Inc.: No statement is currently available from the vendor regarding this vulnerability.
FreeBSD: No statement is currently available from the vendor regarding this vulnerability.
Fujitsu: Please see the NISCC Vulnerability Advisory 006489/H323 at
Global Technology Associates: No statement is currently available from the vendor regarding this vulnerability.
Hitachi: Please see the NISCC Vulnerability Advisory 006489/H323 at
Hewlett-Packard Company: Please see the NISCC Vulnerability Advisory 006489/H323 at
Ingrian Networks: No statement is currently available from the vendor regarding this vulnerability.
Intel: No statement is currently available from the vendor regarding this vulnerability.
Intoto: No statement is currently available from the vendor regarding this vulnerability.
Juniper Networks: No statement is currently available from the vendor regarding this vulnerability.
Lachman: No statement is currently available from the vendor regarding this vulnerability.
Linksys: No statement is currently available from the vendor regarding this vulnerability.
Lotus Software: No statement is currently available from the vendor regarding this vulnerability.
Lucent Technologies: Please see the NISCC Vulnerability Advisory 006489/H323 at
Microsoft Corporation: Please see /en-us/
MontaVista Software: No statement is currently available from the vendor regarding this vulnerability.
MandrakeSoft: No statement is currently available from the vendor regarding this vulnerability.
Multi-Tech Systems Inc.: No statement is currently available from the vendor regarding this vulnerability.
NEC Corporation: No statement is currently available from the vendor regarding this vulnerability.
NetBSD: NetBSD does not ship any H.323 implementations as part of the Operating System. There are a number of third-party implementations available in the pkgsrc system. As these products are found to be vulnerable, or updated, the packages will be updated accordingly. The audit-packages mechanism can be used to check for known-vulnerable package versions.
Netfilter: No statement is currently available from the vendor regarding this vulnerability.
NetScreen: No statement is currently available from the vendor regarding this vulnerability.
Network Appliance: No statement is currently available from the vendor regarding this vulnerability.
Nokia: No statement is currently available from the vendor regarding this vulnerability.
Nortel Networks: The following Nortel Networks Generally Available products and solutions are potentially affected by the vulnerabilities identified in NISCC Vulnerability Advisory 006489/H323 and CERT VU#749342: Business Communications Manager (BCM) (all versions) is potentially affected; more information is available in Product Advisory Alert No. PAA 2003-0392-Global. Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway are potentially affected; more information is available in Product Advisory Alert No. PAA-2003-0465-Global. For more information please contact North America: 1-800-4NORTEL or 1-800-466-7835; Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009. Contacts for other regions are available at Or visit the eService portal at under Advanced Search. If you are a channel partner, more information can be found under under Advanced Search.
Novell: No statement is currently available from the vendor regarding this vulnerability.
Objective Systems Inc.: Please see the NISCC Vulnerability Advisory 006489/H323 at
OpenBSD: No statement is currently available from the vendor regarding this vulnerability.
Openwall GNU/*/Linux: No statement is currently available from the vendor regarding this vulnerability.
RadVision: Please see the NISCC Vulnerability Advisory 006489/H323 at
Red Hat Inc.: Please see the NISCC Vulnerability Advisory 006489/H323 at
Oracle Corporation: No statement is currently available from the vendor regarding this vulnerability.
Riverstone Networks: No statement is currently available from the vendor regarding this vulnerability.
Secure Computing Corporation: No statement is currently available from the vendor regarding this vulnerability.
SecureWorks: No statement is currently available from the vendor regarding this vulnerability.
Sequent: No statement is currently available from the vendor regarding this vulnerability.
Sony Corporation: No statement is currently available from the vendor regarding this vulnerability.
Stonesoft: No statement is currently available from the vendor regarding this vulnerability.
Sun Microsystems Inc.: Sun SNMP does not provide support for H.323, so we are not vulnerable. And so far we have not found any bundled products that are affected by this vulnerability. We are also actively investigating our unbundled products to see if they are affected. Updates will be provided to this statement as they become available.
SuSE Inc.: No statement is currently available from the vendor regarding this vulnerability.
Symantec Corporation: Please see the NISCC Vulnerability Advisory 006489/H323 at
Unisys: No statement is currently available from the vendor regarding this vulnerability.
TandBerg: Please see the NISCC Vulnerability Advisory 006489/H323 at
Tumbleweed Communications Corp.: Please see the NISCC Vulnerability Advisory 006489/H323 at
TurboLinux: No statement is currently available from the vendor regarding this vulnerability.
uniGone: Please see the NISCC Vulnerability Advisory 006489/H323 at
WatchGuard: No statement is currently available from the vendor regarding this vulnerability.
Wirex: No statement is currently available from the vendor regarding this vulnerability.
Wind River Systems Inc.: No statement is currently available from the vendor regarding this vulnerability.
Xerox: No statement is currently available from the vendor regarding this vulnerability.
ZyXEL: No statement is currently available from the vendor regarding this vulnerability.

_________________________________________________________________

The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue.

_________________________________________________________________

Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail

______________________________________________________________________

This document is available from: 2004 CERT Advisories

______________________________________________________________________

CERT/CC Contact Information
Email: