Security vulnerabilities and automated fixes for linux security issues
3 posts found
A high-severity buffer over-read vulnerability was discovered in `bpf/sslsniff.c` at line 515, where `memmove()` was called with a size derived from an unbounded `strlen()` on a pointer computed by searching within a fixed-size path buffer. An attacker able to influence `/proc` filesystem entries or `ldconfig` output could have triggered out-of-bounds memory reads or writes. The fix replaces the unsafe `strlen()` call with a bounds-aware `strnlen()` that constrains the operation to the remaining
A high-severity privilege escalation vulnerability was discovered in a Docker Compose configuration where the `nginx` service lacked the `no-new-privileges` security option and was running with a writable root filesystem. These misconfigurations could allow a compromised container process to gain elevated permissions or download and execute malicious payloads. The fix applies defense-in-depth by adding `no-new-privileges:true`, enforcing a read-only root filesystem, and redirecting writable path
A critical command injection vulnerability was discovered and patched in Firejail's `netfilter.c`, where attacker-controlled environment variables could be used to inject shell metacharacters into a command string executed with elevated privileges. This type of vulnerability is particularly dangerous in security-focused tools like Firejail, which often run with root or elevated permissions, potentially allowing a local attacker to achieve full system compromise. The fix removes the unsafe `exec(