My Technical Notes » Security

Linux local privilege escalation via SUID

Nghiem Ba Hieu — Mon, 30 Jan 2012 09:22:25 +0000

According to CVE-2012-0056, linux kernel 2.6.39 and later versions is vulnerable to local privilege escalation by any local users due to the mem_write function does not properly check for permissions when writing to /proc/<pid>/mem, when ASLR is disabled.

Please take a look at this demonstration to see how it works.

Reference:

1. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0056

2. http://blog.zx2c4.com/749

Possibly Related [...]

CisCo : Installing the VSG ( Virutual Security Gateway ) Software from an ISO File

kartook — Wed, 21 Dec 2011 05:24:28 +0000

DETAILED STEPS

Step 1 Upload the Cisco Virtual Security Gateway ISO image to the vCenter datastore.

Step 2 From the data center in the vSphere Client menu, choose your ESX host where you want to install the Cisco Virtual Security Gateway and choose New Virtual Machine.

The Create New Virtual Machine dialog box opens.

Step [...]

Cisco : How to install SSL cert on Cisco ACS ?

kartook — Thu, 15 Dec 2011 11:23:50 +0000

Install your Trustwave SSL Certificate

Click “System Configuration” in the navigation bar and click “ACS Certificate Setup”. Click “Install ACS Certificate” and choose the “Read certificate from file” option. Then provide the full path and filename of the .cer file which was e-mailed to you by Trustwave. Also, provide the full path and filename to [...]

News : Have Facebook accounts been hacked in Bangalore?

kartook — Thu, 17 Nov 2011 05:45:30 +0000

Bangalore: Across the world, thousands of Facebook users have been spammed. The spam is a flood of porn and violent images and other graphic content spread across the site over the past couple of days.

News : Hackers break SSL encryption used by millions of sites

kartook — Sat, 24 Sep 2011 18:25:01 +0000

Hackers break SSL encryption used by millions of sites , Beware of BEAST decrypting secret PayPal cookies

By Dan Goodin in San Francisco Posted in ID, 19th September 2011 21:10 GMT

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data [...]

Linux : HowTo check the DNS server entries?

kartook — Fri, 04 Feb 2011 05:31:31 +0000

You can simply use that commands to find your DNS servers on a Linux/Unix/BSD based OS

by usign: # cat /etc/resolv.conf

using: # less /etc/resolv.conf

Possibly Related Posts:

Linux local privilege escalation via SUID CisCo : Installing the VSG ( Virutual Security Gateway ) Software from an ISO File CisCO UCS Required Documentation listed Cisco : How to install SSL cert on Cisco ACS ? Cisco Datacenter /Nexus 1000V Videos

Security : fail2ban and dependencies

kartook — Tue, 18 Jan 2011 14:04:28 +0000

I like to install fail2ban on my Server for securing ssh and Asterisk .

Installed: fail2ban.noarch 0:0.8.4-23.el5

Dependency Installed: shorewall.noarch 0:4.0.15-1.el5 shorewall-common.noarch 0:4.0.15-1.el5 shorewall-perl.noarch 0:4.0.15-1.el5 shorewall-shell.noarch 0:4.0.15-1.el5

Possibly Related Posts:

Security : Cisco Password7 Crack

kartook — Tue, 28 Dec 2010 16:17:53 +0000

The utility is the Cisco Password 7 Crack. It is able to decrypt Cisco’s encrypted “type 7″ passwords. “Type 7″ password encryption is used when “service password-encryption” has been enabled. Unfortunately, the cryptographic algorithm is not very complex or secure

CRACK HERE

Possibly Related Posts:

Cisco : Generate Crypto Keys via ASDM

kartook — Sun, 05 Dec 2010 05:22:02 +0000

To generate the key pair from ASDM go to Configuration, then select the Device Management tab. Expand Certificate Management and go to Identity Certificates. Click Add and select the Add a New Identity Certificate radio button. Then click New.

In the Add Key Pair dialog box, take the defaults and click Generate Now.

Don’t forget to go to Device Management > Management Access [...]

Ubuntu : Fix The Screen Messed up at Start-up and Shutdown

kartook — Fri, 03 Dec 2010 14:20:02 +0000

If you’re running Ubuntu Maverick with Nvidia Official drivers, and your screen messed up at starting up and shutting down the system. You can try following method to fix the problem.

Step 1: First, open up a terminal window from Applications -> Accessories menu. Run this command to install preparing tools:

sudo apt-get install v86d [...]