Today we published an advisory for Busybox cpio. When extracting cpio archives... - Infosec

pentagrid, 9 months ago

Today we published an advisory for Busybox cpio. When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.

Full advisory: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability

#itsecurity #infosec #pentesting #Busybox

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ dismantl, ljrk

Image

Image alternative text

ljrk, 9 months ago

@pentagrid Ah, busybox, a sure-fire source of old-school bugs :3

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Federation

Status:

On | Off

Instances:

/m/infosec

Threads (1428)

Microblog (3173)

All Content

People

Magazines

Collections

Thread

pentagrid

@pentagrid@infosec.exchange

Added: 9 months ago
Online: -
Boosts: 2

Magazine

Infosec

@infosec@kbin.social

This magazine is dedicated to discussions on cybersecurity, network security, and information security.

Whether you are an IT professional, a cybersecurity enthusiast, or simply concerned about online privacy and security, this is the place for you.

Here you can share your knowledge, ask for advice, and discuss the latest news and trends in the world of cybersecurity. From encryption and malware to risk management and digital forensics, this category covers a wide range of topics related to information security.

Join the conversation and let's work together to keep our online world safe and secure.

Created: 1 year ago
Owner: ernest
Subscribers: 3668
Online: -

Moderators

ernest

Active people

Researchers crack 11-year-old password, recover $3 million in bitcoin https://arstechnica.com/?p=2027419&utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #infosec

8 days ago to Cybersecurity

Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware https://thehackernews.com/2024/05/europol-dismantles-100-servers-linked.html?utm_source=dlvr.it&utm_medium=mastodon...

7 days ago to Cybersecurity

It took some tinkering but got @QubesOS reinstalled during my #Twitch stream on my @purism Librem 14. Had to rework some of the steps based off documentation to get the #Monero with wallet isolation going. Basically grabbed the tar ball and extracted it to a folder in the template Qube and then had the...

8 days ago to Twitch

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR https://www.darkreading.com/cyberattacks-data-breaches/flyingyeti-apt-cookbox-malware-winrar?utm_source=dlvr.it&utm_medium=mastodon...

5 days ago to Cybersecurity

Related threads

University of Michigan employee, student data stolen in cyberattack

7 months ago to sysadmin

David Attenborough narrates a cyber attack

7 months ago to InfoSecMemes

Pretender: Your MitM sidekick for relaying attacks

1 year ago to toolsec

Add comment