Questions tagged [vulnerability]
Security vulnerabilities are bugs (usually in software) that allow abuse of a program or system.
67 questions
-2 votes, 1 answer, 130 views
Password revealed in terminal after empty password attempt [closed]
In Ubuntu (maybe other distros too) terminals, it appears that password echoing gets enabled between failed password prompts, revealing whatever is being typed (most probably the password).
I ...
0 votes, 1 answer, 70 views
Is it possible that some versions of Ubuntu are affected by different vulnerabilities with respect to the respective upstream Debian?
For my job, I am using a series of devices running Debian 9 stretch. I heard about the rsync vulnerability; our devices use rsync. I read in the Debian announcement that Bullseye (11) is not ...
0 votes, 1 answer, 154 views
Confusion about the status "fixed" and "obsolete" in debsecan on Ubuntu
May I know what the meaning of "fixed" and "obsolete" is in debsecan on Ubuntu?
Output of "debsecan --suite bookworm":
a) CVE-2024-xxxxx {Package Name} (fixed, obsolete)
b) ...
6 votes, 1 answer, 3k views
How can I confirm for sure that a CVE has been mitigated on a RHEL system?
I have this problem: I'm trying to see whether a group of servers is vulnerable to CVE-2024-1086, so what I do on the server is rpm -qa --changelog kernel | grep 2024-1086, and I get this as output: ...
6 votes, 2 answers, 17k views
How do you mitigate the Terrapin SSH attack?
The Terrapin Attack on SSH details a "prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the ...
2 votes, 1 answer, 3k views
Are all Debian 11 systems automatically vulnerable to CVE-2023-38408?
I really really hope I'm wrong here, but it seems that Debian 11 has a vulnerable version of OpenSSH.
My OpenSSH banner reports my OpenSSH version is:
8.4p1 Debian 5+deb11u1
I checked with sshd and it ...
0 votes, 0 answers, 180 views
Cannot change or remove a file as root
This is driving me nuts... There's a lot of info all over the place and I've spent quite some hours already without any success. A customer of mine has a website compromised with some Japanese SEO spam (...
22 votes, 3 answers, 2k views
rsync the file `a`b
Yeah, I know what you are thinking: "Who on earth names their file `a`b?"
But let us assume you do have a file called `a`b (possibly made by a crazy Mac user - obviously not by you), and you ...
0 votes, 1 answer, 414 views
Is there any advantage to staying on very old linux kernels?
When I visit https://www.kernel.org/ I see a variety of kernel versions. At the time of writing there is one mainline, two stables, and a whopping six longterms. The oldest is 4.9. Is there a reason ...
2 votes, 1 answer, 933 views
Which 32-bit features are still vulnerable to "Retbleed" in the Linux kernel?
I'm updating my kernel to protect my system against the "Retbleed" exploit, and I know that affected 32-bit things haven't received the necessary mitigations. I'm wondering which 32-bit ...
-4 votes, 1 answer, 4k views
Step by step Red Hat Update for OpenSSL [closed]
How to update:
Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1066)
Red Hat Update for java-11-openjdk security (RHSA-2022:1440)
Please guide me step by step, because I have no ...
0 votes, 2 answers, 785 views
How to fix the CVE-2018-3646 vulnerability
I have found a log entry in my /log/messages showing a CVE-2018-3646 error with the following link (https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html). I have accessed the mentioned file-...
0 votes, 0 answers, 108 views
Clarification regarding CVE-2020-25717
We use CentOS 7 and have only samba-client in our deployment.
(We do not have samba server in our deployment.)
Does the CVE-2020-25717 affect our deployment?
-1 votes, 1 answer, 1k views
Which Linux distribution is the latest openVAS available on?
It has been removed from the latest Alpine and their solution is to downgrade your system from 3.11 to 3.10.
It's no longer available on Debian, their solution is to build it from source.
Is there any ...
0 votes, 0 answers, 249 views
Is it really true that no RedHat fix exists for this High/Important 3-month-old glib issue?
Short version
Red Hat Customer Portal lists CVE-2021-27219 as having a 9.8 out of 10 RedHat CVSS score, that it was published February 4, 2021, more than 3 months ago and that it affects RHEL 8, the ...