#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Debian | Breaking Cybersecurity News | The Hacker News

Category — Debian
A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers

A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers

Jul 23, 2019
A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD , an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and comes pre-installed with many Linux and Unix distributions, like Debian. Discovered by Tobias Mädel , the vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back. According to Mädel, an incorrect access control issue in the mod_copy module could be exploited by an authenticated user to unauthorizedly copy any file on a specific location of the vulnerable FTP server where the user is otherwise not allowed to write a file.
Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Dec 06, 2018
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process. The issue, tracked as CVE-2018-19788 , impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat , Debian ,  Ubuntu , and CentOS. The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX. Where, INT_MAX is a constant in computer progra
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
New Privilege Escalation Flaw Affects Most Linux Distributions

New Privilege Escalation Flaw Affects Most Linux Distributions

Oct 26, 2018
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications to manage graphical displays. According to a blog post published by software security engineer Narendra Shinde , Xorg X server doesn't correctly handle and validate arguments for at least two command-line parameters, allowing a low-privileged user to execute malicious code and overwrite any file—including files owned by privileged users like root. The flaw, tracked as CVE-2018-14665 , was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or vi
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

Sep 28, 2018
A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system. The use-after-free (UAF) vulnerabilities are a class of memory corruption bug that can be exploited by unprivileged users to corrupt or alter data in memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system. Linux Kernel Exploit Takes an Hour to Gain Root Access However, Horn says his PoC Linux kernel exploit made available to the public "takes about an hour to run before popping a root shell."
New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions

New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions

Sep 26, 2018
Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed "Mutagen Astronomy," affects the kernel versions released between July 2007 and July 2017, impacting the Red Hat Enterprise Linux, CentOS, and Debian distributions. The Mutagen Astronomy vulnerability tracked as CVE-2018-14634, is a type of a local privilege escalation issue—one of the most common issues with operating systems as a whole—and exists in the Linux kernel's create_elf_tables() function that operates the memory tables. To successfully exploit this vulnerability, attackers need to have access to the targeted system and run their exploit that leads to a buffer overflow, thereby resulting in the execution of malici
Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Jun 29, 2017
A critical vulnerability has been discovered in Systemd , the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability, designated as CVE-2017-9445 , actually resides in the ' dns_packet_new ' function of 'systemd-resolved,' a DNS response handler component that provides network name resolution to local applications. According to an advisory published Tuesday, a specially crafted malicious DNS response can crash 'systemd-resolved' program remotely when the system tries to lookup for a hostname on an attacker-controlled DNS service. Eventually, large DNS response overflows the buffer, allowing an attacker to overwrite the memory which leads to remote code execution. This means the attackers can remotely run any malware on the targeted system or server via their evil DNS service
Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Feb 06, 2016
Good News for Linux Techno Freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs? Then this news would be a perfect pick for you! What If, you can effectively carry a Linux computer in your pocket? Hereby introducing a new Android-based Operating system named " Maru OS " that combine the mobility of a smartphone as well as the power of a desktop on a single device. Maru OS allows you to turn your smartphone into a desktop when plugging it with an HDMI cable. Maru custom ROM includes two operating systems: Android 5.1 Lollipop for mobile phones Debian-Linux for desktop monitor When you connect your phone (with Maru OS installed on it) via HDMI to a monitor, it will load Debian Linux automatically on your desktop screen in less than 5 seconds. "Your phone runs independently of your desktop so you can take a call and work on your big screen at the same time,"
R.I.P Ian Murdock, Founder of Debian Linux, Dies at 42

R.I.P Ian Murdock, Founder of Debian Linux, Dies at 42

Dec 30, 2016
Ian Murdock , the founder the Debian Linux operating system and the creator of apt-get, has passed away. Yes, it is very sad to announce that Ian Murdock is not between us. His death has touched the entire software community. He was just 42. The announcement of Murdock death came out via a blog post on Docker website, where Murdock was working as a member of the technical staff. The cause of death is unclear at present, but Murdock tweeted the same day that he would commit suicide that night. His Twitter account had since been deleted. However, at that time, some people speculated that Murdock's account had been hacked and that the tweets were not by him. Murdock posted some Tweets  on Monday suggesting he had been involved in a police case and has been beaten by the police and charged with battery. However, neither Docker, nor the San Francisco Police Department immediately commented on Murdock's actual cause of death. Murdock developed Debian in Augu
Official Debian and Python Wiki Servers Compromised

Official Debian and Python Wiki Servers Compromised

Jan 09, 2013
Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in " moin " package. According to  Brian Curtin at Python Project , Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach. Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal ( CVE-20
New Linux Rootkit Attacks Internet Users

New Linux Rootkit Attacks Internet Users

Dec 02, 2012
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the web visitor&#
Expert Insights / Articles Videos
Cybersecurity Resources