Today we published an advisory for Busybox cpio. When extracting cpio archives... - Infosec

pentagrid, 9 months ago

Today we published an advisory for Busybox cpio. When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.

Full advisory: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability

#itsecurity #infosec #pentesting #Busybox

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ dismantl, ljrk

Image

Image alternative text

ljrk, 9 months ago

@pentagrid Ah, busybox, a sure-fire source of old-school bugs :3

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Federation

Status:

On | Off

Instances:

/m/infosec

Threads (1411)

Microblog (3173)

All Content

People

Magazines

Collections

Thread

pentagrid

@pentagrid@infosec.exchange

Added: 9 months ago
Online: -
Boosts: 2

Magazine

Infosec

@infosec@kbin.social

This magazine is dedicated to discussions on cybersecurity, network security, and information security.

Whether you are an IT professional, a cybersecurity enthusiast, or simply concerned about online privacy and security, this is the place for you.

Here you can share your knowledge, ask for advice, and discuss the latest news and trends in the world of cybersecurity. From encryption and malware to risk management and digital forensics, this category covers a wide range of topics related to information security.

Join the conversation and let's work together to keep our online world safe and secure.

Created: 1 year ago
Owner: ernest
Subscribers: 3668
Online: -

Moderators

ernest

Active people

Phones of journalists and activists in Europe targeted with Pegasus https://cyberscoop.com/spyware-europe-nso-pegasus/?utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #infosec

7 days ago to Cybersecurity

I’m very close to finishing my personal laptop which is using @QubesOS on my @purism Librem 14. I just have to rotate passwords and setup my @bitwarden and @protonprivacy email and password manager. I even have @yubico for most of my TOTP. Need to sync Monero, login to...

7 days ago to random

Researchers crack 11-year-old password, recover $3 million in bitcoin https://arstechnica.com/?p=2027419&utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #infosec

8 days ago to Cybersecurity

macOS version of elusive 'LightSpy' spyware tool discovered...

6 days ago to Cybersecurity

Related threads

University of Michigan employee, student data stolen in cyberattack

7 months ago to sysadmin

David Attenborough narrates a cyber attack

7 months ago to InfoSecMemes

Pretender: Your MitM sidekick for relaying attacks

1 year ago to toolsec

Add comment