Dirty Cow – CVE-2016-5195

A vulnerability in the Linux kernel

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

CentOS/Red Hat affected versions: 5/6/7

Detail:

https://access.redhat.com/security/vulnerabilities/DirtyCow

Script to check the vulnerability: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh


CVE-2017-7494 – Samba vulnerability

Vulnerability alert (CVE-2017-7494)

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

Manual fix/Workaround

Add the parameter:
nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.
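As an added example (not part of the original post or the Samba advisory), this Python check confirms the workaround is actually in effect: the setting must sit in [global], uncommented, with a false value. It assumes Samba's documented parsing rules (names are case- and whitespace-insensitive, `#` and `;` start comments, a later setting overrides an earlier one); the sample configs are constructed.

```python
import re

# Spellings Samba treats as boolean "off".
FALSE_VALUES = {"no", "false", "0", "off"}

def _norm(name):
    # smb.conf ignores case and whitespace inside section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def nt_pipe_support_disabled(conf_text):
    """True only if [global] sets 'nt pipe support' to a false value."""
    section, value = None, None  # unset means Samba's default, which is 'yes'
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        # A global-only parameter placed in a share section does not apply.
        if section != "global" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        if _norm(key) == "ntpipesupport":
            value = val.strip().lower()  # assumption: last occurrence wins
    return value in FALSE_VALUES

# Constructed sample configs (not taken from any real host).
HARDENED = """
[global]
    workgroup = EXAMPLE
    NT Pipe Support = No
[data]
    path = /srv/data
"""
COMMENTED = "[global]\n; nt pipe support = no\n"
WRONG_SECTION = "[global]\nworkgroup = EXAMPLE\n[data]\nnt pipe support = no\n"

if __name__ == "__main__":
    for name, conf in [("hardened", HARDENED), ("commented", COMMENTED),
                       ("wrong section", WRONG_SECTION)]:
        state = "applied" if nt_pipe_support_disabled(conf) else "NOT applied"
        print(f"{name}: workaround {state}")
```

On a live host, `testparm -s` prints the configuration as Samba itself parsed it and is the authoritative check.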

 

One more second (leap second) – 2017

Counting down to 2017 will take one more second, e.g.

After 23:59:59 on 31 December, it will be 23:59:60

Leap seconds are a periodic one-second adjustment of Coordinated Universal Time (UTC) in order to keep a system’s time of day close to the mean solar time.

However, the Earth’s rotation speed varies in response to climatic and geological events, and due to this, UTC leap seconds are irregularly spaced and unpredictable.


For systems (Red Hat 4/5/6/7) not synchronized by ntpd or ptp, an updated tzdata package that contains the December 31st leap second is required.

Patch:

tzdata-2016g-2.el4 (Red Hat 4)

tzdata-2016g-2.el5 (Red Hat 5)

tzdata-2016g-2.el6 (Red Hat 6)

tzdata-2016g-2.el7 (Red Hat 7)