Home > Uncategorized > Security News #0x40

Security News #0x40

  • Just in time for the final live exercise in my class came news of CVE 2013-2094, a new Linux privilege escalation exploit. Though the exploit-db page lists the exploit as "unverified", there are a number of students in my class who now know that this does work- at least on the CenOS 6.2 x64 systems we used in class. The user spender on Reddit provides some useful technical details. The problem was patched in the kernel last month. As is often the case, Ars Technica provides some perspective, while Andrea Righi has instructions on how to patch a running kernel.
  • Microsoft released MS 13-038 to patch last week’s vulnerability CVE 2013-1347 in Internet Explorer 8.
  • Did you know that you can use ICMP as a communication method for your shells?
  • Netcraft has a nice article on how certificate revokation works (or doesn’t) in practice.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: