Category Archives: NetSec

/r/netsec – Information Security News & Discussion: Jailbreaking RouterOS & misc GNU inetutils <= 1.9.4 vulnerabilities.

Here are steps to jailbreak Mikrotik routers using arbitrary file creation vulnerabilities through telnet

https://hacker.house/releasez/expl0itz/mikrotik-jailbreak.txt

Here are heap and stack overflows in GNU inetutils <= 1.9.4 telnet.c client in the handling environment variables. Stack overflow is present in TELOPT_XDISPLOC option

https://hacker.house/releasez/expl0itz/inetutils-telnet.txt

These issues can be found all over embedded devices and in mainstream Linux distributions like Arch Linux due to the proliferation of GNU code re-use.

submitted by /u/hackerfantastic
[link] [comments]

/r/netsec - Information Security News & Discussion

/r/netsec – Information Security News & Discussion: Kubernetes PoC exploit for CVE-2018-1002105.

I created a Proof-of-Concept exploit for the Kubernetes bug that was published recently. You can find it here: https://github.com/evict/poc_CVE-2018-1002105.

It requires the exec permission on at least one pod. The payload dumps the contents of the etcd pod.

submitted by /u/_evict
[link] [comments]

/r/netsec - Information Security News & Discussion

/r/netsec – Information Security News & Discussion: The /r/netsec Monthly Discussion Thread – December 2018

Overview

Questions regarding netsec and discussion related directly to netsec are welcome here.

Rules & Guidelines
  • Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
  • Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
  • If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
  • Avoid use of memes. If you have something to say, say it with real words.
  • All discussions and questions should directly relate to netsec.
  • No tech support is to be requested or provided on /r/netsec.

As always, the content & discussion guidelines should also be observed on /r/netsec.

Feedback

Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

submitted by /u/AutoModerator
[link] [comments]

/r/netsec - Information Security News & Discussion