Questions tagged [vulnerability]

Security vulnerabilities are bugs (usually in software) that allow abuse of a program or system.

-2 votes
1 answer
130 views

Password revealed in terminal after empty password attempt [closed]

In Ubuntu (maybe other distros too) terminals, it appears that password echoing gets enabled between failed password prompts, revealing whatever is being typed (most probably the password). I ...
Cristian Tatu
0 votes
1 answer
70 views

Is it possible that some versions of Ubuntu are affected by different vulnerabilities with respect to the respective upstream Debian?

For my job, I am using a series of devices mounting Debian 9 stretch. I heard about the vulnerability in rsync, which our devices use. I read in the Debian announcement that Bullseye (11) is not ...
Alessandro Bertulli
0 votes
1 answer
154 views

Confusion about the status of "fixed" and "obsolete" in debsecan on Ubuntu

May I know what the meanings of "fixed" and "obsolete" are in debsecan on Ubuntu? Output of "debsecan --suite bookworm": a) CVE-2024-xxxxx {Package Name} (fixed, obsolete) b) ...
Eric Lo
6 votes
1 answer
3k views

How can I confirm for sure that a CVE has been mitigated on a RHEL system?

I have this problem: I'm trying to see if a group of servers is vulnerable to CVE-2024-1086, so what I do on the server is rpm -qa --changelog kernel | grep 2024-1086, and I get this as output:...
VaTo • 3,268
6 votes
2 answers
17k views

How do you mitigate the Terrapin SSH attack?

The Terrapin Attack on SSH details a "prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the ...
KJ7LNW • 525
2 votes
1 answer
3k views

Are all Debian 11 systems automatically vulnerable to CVE-2023-38408?

I really really hope I'm wrong here, but it seems that Debian 11 has a vulnerable version of OpenSSH. My OpenSSH banner reports my OpenSSH version is: 8.4p1 Debian 5+deb11u1 I checked with sshd and it ...
Sir Muffington
0 votes
0 answers
180 views

Cannot change or remove a file as root

This is driving me nuts... There's a lot of info all over the place and I've spent quite some hours already without any success. A customer of mine has a website compromised with some Japanese SEO spam (...
nnimis • 101
22 votes
3 answers
2k views

rsync the file `a`b

Yeah, I know what you are thinking: "Who on earth names their file `a`b?" But let us assume you do have a file called `a`b (possibly made by a crazy Mac user - obviously not by you), and you ...
Ole Tange • 37.5k
0 votes
1 answer
414 views

Is there any advantage to staying on very old Linux kernels?

When I visit https://www.kernel.org/ I see a variety of kernel versions. At the time of writing there is one mainline, two stables, and a whopping six longterms. The oldest is 4.9. Is there a reason ...
nsum938
2 votes
1 answer
933 views

Which 32-bit features are still vulnerable to "Retbleed" in the Linux kernel?

I'm updating my kernel to protect my system against the "Retbleed" exploit, and I know that affected 32-bit things haven't received the necessary mitigations. I'm wondering which 32-bit ...
ATLief • 328
-4 votes
1 answer
4k views

Step by step Red Hat Update for OpenSSL [closed]

How to update Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1066) Red Hat Update for java-11-openjdk security (RHSA-2022:1440) Please guide me step by step, because I have no ...
Lintang Gilang Pratama
0 votes
2 answers
786 views

How to fix CVE-2018-364 vulnerability

I have found a log in my /log/messages showing a CVE-2018-3646 error with the following link, (https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html). I have accessed the mentioned file-...
Mel • 1
0 votes
0 answers
108 views

Clarification regarding CVE-2020-25717

We use CentOS 7 and have only samba-client in our deployment. (We do not have samba server in our deployment.) Does the CVE-2020-25717 affect our deployment?
Michael • 101
-1 votes
1 answer
1k views

Which Linux distribution is the latest OpenVAS available on?

It has been removed from the latest Alpine and their solution is to downgrade your system from 3.11 to 3.10. It's no longer available on Debian, their solution is to build it from source. Is there any ...
freebie
0 votes
0 answers
249 views

Is it really true that no Red Hat fix exists for this High/Important 3-month-old glib issue?

Short version: Red Hat Customer Portal lists CVE-2021-27219 as having a 9.8 out of 10 Red Hat CVSS score, that it was published February 4, 2021, more than 3 months ago and that it affects RHEL 8, the ...
Peter V. Mørch
