Just to share that /proc/pid/environ suffers from bugs https://lkml.org/lkml/2012/7/24/245 that can be considered vulnerabilities unless your kernel includes the commit b409e578d9a4ec95913e "proc: clean up /proc/<pid>/environ handling". The fixes are in the mainline now. The PoC to dump the exec area can be found here: http://lkml.org/lkml/2012/7/22/163 Linux Procfs suffers from other vulnerabilities, like the: ->open() + ->dup(stdin,stdout…) + execve(suid_program)… These […]
BsidesAlgiers was held on 04-05 May in ESI (Ecole nationale Supérieure d’Informatique) Algiers. Thanks to the DzOWASP folks and others… Slides can be found here: http://www.slideshare.net/Shellmates/tag/bsides-algiers My presentation “Linux kernel and Recent Security Protections”: http://www.slideshare.net/Shellmates/bsides-algiers-linux-kernel-and-recent-security-protections-djallal-harouni
Salam alikoum, First of all, I would like to thank everyone who will take part in this DZBlogDay 2012 and all the organizers. Thank you for this day. In this post you will find computing (my field); I will be brief for lack of time, and somewhat positive in order to move forward (and a bit personal for lack of inspiration). The theme […]
In this post we will see how to install the Nginx web server on a GNU/Linux system in a chroot environment, with some security measures. Here: http://opendz.org/sysadmin/nginx
Hello, I have published a security advisory for MPlayer and VLC: [DZC-2009-001] Advisory blog post: Advisory: The Movie Player and VLC Media Player Real Data Transport parsing integer underflow. Affected products: The Movie Player <= svn r29446 [1] VLC media player <= 1.0.0 [2] Possibly other applications that use the xine lib code [3]. Discovered […]