[CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings

https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md

It's 2025, and I have to prompt an LLM no less than 5 times to figure out how to add a new keyboard layout to Windows Server 2025, becase 1) the UI turned absolutely shit 2) the built-in search is optimized for ads instead of discovering functionality.

Also, Disk Management is gone, and you get no meaningful results for "disk" in the Start Menu. But when you *right click* the Start icon it's there. Why would it be so hard to make this discoverable by search (or leaving a shortcut with the original name)??

Rust is is not a "silver bullet" that can solve all security problems, but it sure helps out a lot and will cut out huge swatches of Linux kernel vulnerabilities as it gets used more widely in our codebase.

That being said, we just assigned our first CVE for some Rust code in the kernel: https://lore.kernel.org/all/2025121614-CVE-2025-68260-558d@gregkh/ where the offending issue just causes a crash, not the ability to take advantage of the memory corruption, a much better thing overall.

Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase, so as always, everyone should be upgrading to newer kernels to remain secure overall.

RE: https://infosec.exchange/@BleepingComputer/115730066370654236

Apparently CVE-2025-59718 and CVE-2025-59719 are now EITW.

@gsuberland Be true to the name: write a script to change to a random number periodically to increase Chaos

@fwaggle on my Ubuntu 22.0 and 24.0 the ed25519 host public key is not in PEM but in the <type> <key> format (no <comment> section).

What distro uses PEM? I can try to convert it to the type-format and see if the daemon blindly accepts it.

../ in FreshRSS. How did no one recommend that one to me yesterday? A new ../ would have been fun.

https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-6c8h-w3j5-j293

@jerry @Landsil @bagder My f2f's often divert to discussing AI so I think that already happened.

A couple vulns in Trail of Bits' Fickling.

https://github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3

https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2

With H2HC on hiatus this year, the security community stepped up to create the 307 Temporary Security Conference—and we were proud to be part of it!

We presented our research on vulnerabilities in the CAN BCM protocol in the Linux kernel.

Thank you to everyone who watched!

The slides and exploit demos are now available.

Slides
https://allelesecurity.com/wp-content/uploads/2025/12/Presentation_307.pdf

Demo 1: Exploit for UAF read (CAN BCM) to dump shadow file & MySQL root hash.
https://www.youtube.com/watch?v=znTLHc2mXIs

Demo 2: Exploit for UAF read in CAN BCM (CVE-2023-52922) that leaks encoded freelist pointer and slab object addresses
https://www.youtube.com/watch?v=XQ3QlXqn6pI

Memory bugs, such as use-after-free and buffer overflows, are the most exploited vulnerability class; however, AddressSanitizer's 2-4x performance overhead makes it unusable in production.

So, we recommend GWP-ASan, which uses sampling and guard pages to detect memory safety bugs at scale. Learn the technique and how to implement it in your C++ projects using LLVM's scudo allocator:
https://blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/

I want things that are above my reading level, that's how I get better at reading 🤔😁

@reading @bookstodon @books @humor@fedigroups.social @humor@lemmy.world @aiop

#ReadingMemes #Memes
#ReadAllTheBooks #Humor #Humour
#Reading #Readers #ReadersOfMastodon #ReadingCommunity
#Book #Books #Novel #Novels #Fiction
#Bookwyrm #Bookworm #Bookstodon #BookLove #FantasyBooks #ReadingLevel #Level

My second blog post regaling tales from my weekend of bugs:

https://wirepair.org/2025/12/16/netcode-bugs/

#gamedev

To the person who thought displaying questionnaires on first browser startup is a good idea:

You are dumb and literally everyone hates you.

The Cryptax Award H2 2025 is out! (lol)

Best talks, papers, CTF challenges, tools I encountered in the second half of 2025:

https://cryptax.github.io/nomination-2025-h2/

It's a difficult selection, as always, and it is very personal opinion!

Congratulations to those who are listed, and kudos to others :)

@pancake @UYBHYS @rootme_org

THC Release 💥: The world’s largest IP<>Domain database: https://ip.thc.org

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.

Updated monthly.

Try: curl https://ip.thc.org/1.1.1.1

Raw data: https://ip.thc.org/docs/bulk-data-access

(The fine work of messede 👌)

What does everyone think? Need feedback before release tomorrow :)

If you need to get your mood down a few notches, there are some new slop entries to torment yourself with here:

https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

Training Ticket Shop for #offensivecon26 is now open.

The content of our 2026 trainings is unique and exclusive to OffensiveCon, so don’t miss out.

🔥 New this year: Get your training + conference ticket bundle - you have the opportunity to secure a conference ticket before the conference ticket shop opens!
You can also get a training ticket only...

Training tickets: https://www.offensivecon.org/register.html

And the conference ticket shop? Oh, it’ll open… sometime in the next 5 months. Stay tuned.👀

@0xabad1dea Isn't this an EU thing? I read about the same thing in Hungary maybe a week ago.

There's another researcher, Zhengyu Liu, who's been finding CPython crashes (mostly use-after-free) at breakneck speed (19 in 5 days!): https://github.com/python/cpython/issues?q=is%3Aissue%20author%3Ajackfromeast

Not sure about what technique they're using, but their site states they they favor "leveraging program analysis approaches to detect/exploit/patch vulnerabilities in real-world complex applications and systems".

Their reports are comprehensive, with great presentation and details.

https://jackfromeast.github.io/

#CPython #Python #Crash