#linux

ABB Cylon Aspect MIX's IPConfigServlet allows unauthenticated network config changes via the Host: 127.0.0.1 bypass, writing to /etc/hosts and config files. Attackers can redirect traffic (e.g. localhost to 1.2.3.4) or disrupt connectivity, amplifying impact with network restarts.

ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate from localhost, granting unauthorized access to privileged operations. This bypass grants access to privileged functionality, including the DeplomentServlet, which is vulnerable to directory traversal. By leveraging this, an attacker can write arbitrary PHP files outside the intended directory scope. When combined, these issues allow remote attackers to upload a malicious PHP shell and execute system commands with the privileges of the web server, leading to full system compromise.

Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling attackers to inject arbitrary log entries using encoded newline characters. Similarly, Java classes using LoggerUtil.logger.* methods concatenate user-controlled strings like usernames and cookie keys into logs without validation. This systemic flaw allows for log forging, manipulating log content to obfuscate activity, insert misleading entries, or facilitate follow-up attacks.

The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .bsx file through projectUpdateBSXFileProcess.php, which is then moved to htmlroot and executed by projectUpdateBSXExecute.php. This script leverages sudo to run the uploaded bsx file, enabling the attacker to bypass input validation checks and execute arbitrary code, leading to full system compromise and unauthorized root access.

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependant on SELECTED=ALL case.

### Summary When using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. ### Details Container Image (15.04.2025): ghcr.io/project-zot/zot-linux-amd64:latest Here is an example how the configuration can look which causes the above stated problem: ` http: address: "0.0.0.0" port: 5000 externalUrl: "https://zot.example.com" auth: { failDelay: 1, openid: { providers: { oidc: { name: "Keycloak", clientid: "zot-client-id", clientsecret: fsdfkmmiwljasdklfsjaskldjfkljewijrf234i52k3j45l, keypath: "", issuer: "https://keycloak.example.com/realms/example", scopes: ["openid"] } } } } ` ### PoC Set up a blank new zot k8s deployment with the code snippet above. ### Impact exposure of secrets, on configuring a oidc provider

The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features available now in both RHEL 10 and RHEL 9.6: Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump supportIntel Trusted Domain Extension (TDX) guestsTrustee attestation clientFull support for RHEL Unified Kernel Image (UKI)First introduced in RHEL9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line.

To understand Red Hat OpenShift's journey to quantum-safe cryptography, it helps to look at the current and planned post-quantum cryptography support in Red Hat Enterprise Linux (RHEL). This is because OpenShift includes Red Hat Enterprise Linux CoreOS (RHCOS), which provides several important cryptographic libraries. Bringing post-quantum cryptography to OpenShift is not a one-line configuration, of course. It's an architectural transition.There are three main areas of focus when considering post-quantum cryptography for OpenShift: RHCOS kernelsOpenShift Core userspaceGo versions used by the

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,"