OpenSSL Vulnerabilities fix – CVE-2016-2108

OPENSSL VULNERABILITIES – CVE-2016-2108 & CVE-2016-2107
On 3rd May 2016, OpenSSL released patches for two high-severity bugs (CVE-2016-2108 & CVE-2016-2107), and 4 low-severity ones. CVE-2016-2107 is an OpenSSL bug which allows a man-in-the-middle (MITM) attacker to use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the […]


DROWN Vulnerability Fix

General Information regarding DROWN Vulnerability Fix
On March 1, another OpenSSL vulnerability was reported: DROWN. Please follow this document to learn more about DROWN and the DROWN vulnerability fix.
Name: DROWN (Decrypting RSA using Obsolete and Weakened eNcryption).
Type: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800).
Affected services: DROWN is a serious vulnerability that affects HTTPS and other services that […]


glibc version check with ansible

Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like Ansible become a real boon here. For anyone who is not familiar with Ansible, take a look at the Ansible intro page for details […]


Critical glibc vulnerability CVE-2015-7547

What’s the glibc getaddrinfo vulnerability? Red Hat has updated details on the vulnerability. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user […]

