Questions tagged [vulnerability]

Security vulnerabilities are bugs (usually in software) that allow abuse of a program or system.

64 questions
249 votes, 5 answers

What does env x='() { :;}; command' bash do and why is it insecure?

There is apparently a vulnerability (CVE-2014-6271) in bash: Bash specially crafted environment variables code injection attack I am trying to figure out what is happening, but I'm not entirely sure I understand it. How can the echo be executed as…
jippie
53 votes, 3 answers

Disable Spectre and Meltdown mitigations

Can I disable Spectre and Meltdown mitigation features in Ubuntu 18.04 LTS? I want to test how much more performance I gain when I disable these two features in Linux, and if the performance is big, to make it permanent.
pioupiou
35 votes, 4 answers

How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems?

Security researchers have published on Project Zero a new vulnerability called Spectre and Meltdown allowing a program to steal information from the memory of other programs. It affects Intel, AMD and ARM architectures. This flaw can be exploited…
GAD3R
27 votes, 3 answers

How to detect and mitigate the Intel escalation of privilege vulnerability on a Linux system (CVE-2017-5689)?

According to the Intel security-center post dated May 1, 2017, there is a critical vulnerability on Intel processors which could allow an attacker to gain privilege (escalation of privilege) using AMT, ISM and SBT. Because the AMT has direct access…
GAD3R
22 votes, 3 answers

rsync the file `a`b

Yeah, I know what you are thinking: "Who on earth names their file `a`b?" But let us assume you do have a file called `a`b (possibly made by a crazy Mac user - obviously not by you), and you want to rsync that. The obvious solution: rsync…
Ole Tange
20 votes, 1 answer

How do I secure Linux systems against the BlueBorne remote attack?

The Armis Lab has discovered a new attack vector affecting all devices with Bluetooth enabled, including Linux and IoT systems. BlueBorne attack on Linux Armis has disclosed two vulnerabilities in the Linux operating system which allow attackers to…
GAD3R
19 votes, 1 answer

How was the Shellshock Bash vulnerability found?

Since this bug affects so many platforms, we might learn something from the process by which this vulnerability was found: was it an εὕρηκα (eureka) moment or the result of a security check? Since we know Stéphane found the Shellshock bug, and…
Faheem Mitha
13 votes, 1 answer

Ghost Vulnerability - CVE-2015-0235

Does the Ghost Vulnerability require access (as in being a logged-in user) to the affected OS in question? Can someone clarify the 'remote attacker that is able to make an application call'? I only seem to find tests to run on the local system…
devnull
9 votes, 1 answer

Do I need to take action regarding my Microarchitectural Data Sampling (MDS) status?

My dmesg output contains the following line: [ 0.265021] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. Having gone to the above-mentioned site and…
5am
9 votes, 2 answers

How do I protect my system against the Off-path TCP exploit in Linux?

According to cve.mitre.org, the Linux kernel before 4.7 is vulnerable to “Off-path” TCP exploits Description net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier…
GAD3R
8 votes, 2 answers

Is AIX/Power safe from Spectre / Meltdown?

Since Intel, AMD and ARM are affected by the Spectre and Meltdown CPU kernel memory leak bugs/flaws, could we say that the Power architecture is safe from these?
Hessnov
8 votes, 1 answer

How do I disable SSLv3 in an OpenSSH SSH server to avoid POODLE?

In wake of the newly-discovered POODLE vulnerability, I'd like to disable SSLv3 on all of my SSH servers. How do I achieve this with OpenSSH?
drs
7 votes, 4 answers

If a CVE database lists my version of OpenSSH as vulnerable, is it possible that it has been patched but retains the version number?

I am using OpenSSH version 7.4p1. In a CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906 https://www.cvedetails.com/cve/CVE-2017-15906/. Does this mean that for sure my version is affected, or is it possible that…
user187205
6 votes, 1 answer

How does the Linux Kernel handle newer chips that patched only against Spectre Variant 1 but not Variant 2?

How will chips patched for Spectre Variant 1 and Meltdown, like Whiskey Lake and Amber Lake, handle Spectre Variant 2? I'm looking to spec out a new laptop. Currently evaluating the Lenovo x390. It's set to ship with Whiskey Lake, which claims to…
Evan Carroll
6 votes, 1 answer

Security of bash script involving gpg symmetric encryption

Notice: the very same vulnerability has been discussed in this question, but the different setting of the problem (in my case I don't need to store the passphrase) allows for a different solution (i.e. using file descriptors instead of saving the…
francescop21