Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
-2
votes
1
answers
115
views
Password revealed in terminal after empty password attempt
In Ubuntu (maybe other distros too) terminals it appears that password echoing gets enabled between failed password prompts revealing whatever is being typed (the password most probable).
I encountered this issue where my password became visible in plaintext on the terminal when hitting `enter` by accident before starting typing the password.
Steps to Reproduce:
1. Execute a command that requires a password e.g. `sudo ls`.
2. When prompted for the password, hit Enter before typing anything, then immediately start typing the password.
3. While the system validates the empty password, the keyboard input becomes visible revealing your password.
4. By the time you hit enter again the system already rejected the empty password and successfully validates the new one leading to a correct execution.
Expected Behavior:
When prompted for password the system should disable input echoing until the password is correctly validated, all the attempts have failed, or the operation has been canceled.
Cristian Tatu
(9 rep)
Apr 14, 2025, 02:38 PM
• Last activity: Apr 15, 2025, 04:10 PM
65
votes
3
answers
83136
views
Disable Spectre and Meltdown mitigations
Can I disable Spectre and Meltdown mitigation features in Ubuntu 18.04LTS?
I want to test how much more performance I gain when I disable these two features in Linux, and if the performance is big, to make it permanently.
pioupiou
(926 rep)
Nov 30, 2019, 08:05 AM
• Last activity: Mar 25, 2025, 02:25 PM
0
votes
1
answers
53
views
Is it possible that some versions of Ubuntu are affected from different vulnerabilities with respect to the respective upstream Debian?
For my job, I am using a series of devices mounting Debian 9 stretch. I hear about the rsync's vulnerability, which our devices use. I read in the Debian announcement that Bullseye (11) is not affected. However, in the announcement about the same topic for Ubuntu, it is said that the affected versions upstream of rsync are from 3.1.0 to at least 3.2.7, i.e. from 2014 to now, so I would expect also the upstream Debian versions to be affected as well. For instance, I can see my devices use rsync 3.1.2. So my question is: can I be sure that pre-Bullseye versions of Debian are unaffected (due to, I guess, different patches applied with respect to Ubuntu?), or should I compile from source the new version of rsync, to be sure?
Alessandro Bertulli
(113 rep)
Jan 22, 2025, 10:31 AM
• Last activity: Jan 22, 2025, 02:03 PM
2
votes
2
answers
167
views
Ghost vulnerability - recompile C/C++ programs?
I've `CentOS 6.0` server with `glibc-2.12-1.7.el6.x86_64` running many open source services and some of my own C programs.
To fix ghost vulnerability, I need to update it to `glibc-2.12-1.149.el6_6.5`.
Since the version difference seems large.
I was wondering whether I need to recompile my C/C++ apps or even some of the open source services?
How do I even test them because testing everything is next to impossible?
I've read that some people had to revert the update because they faced segfaults in their apps.
amolkul
(33 rep)
Feb 15, 2015, 03:22 PM
• Last activity: Jan 14, 2025, 08:46 AM
0
votes
1
answers
123
views
Confusing in status of "fixed" and "obsolete" in debsecan of Ubuntu
1. May I know what are the meaning of "fixed" and "obsolete" in debsecan of Ubuntu?
**output of "debsecan --suite bookworm"**
a) CVE-2024-xxxxx {Package Name} (fixed, obsolete)
b) CVE-2024-xxxxx {Package Name} (fixed)
c) CVE-2024-xxxxx {Package Name} (obsolete) And is the vulnerability fixed?
```
$ debsecan --suite bookworm --format detail
CVE-2021-33061
Insufficient control flow management for the Intel(R) 82599 Ethernet C ...
installed: linux-headers-5.15.0-100-generic 5.15.0-100.110
(built from linux 5.15.0-100.110)
package is obsolete
fixed in unstable: linux 5.18.2-1 (source package)
CVE-2021-33631
Integer Overflow or Wraparound vulnerability in openEuler kernel on Li ...
installed: linux-headers-5.15.0-102-generic 5.15.0-102.112
(built from linux 5.15.0-102.112)
package is obsolete
fixed in unstable: linux 6.1.4-1 (source package)
fixed on branch: linux 4.19.282-1 (source package)
fixed on branch: linux 4.19.289-1 (source package)
fixed on branch: linux 4.19.289-2 (source package)
fixed on branch: linux 4.19.304-1 (source package)
fixed on branch: linux 4.19.316-1 (source package)
fixed on branch: linux 5.10.178-1 (source package)
fixed on branch: linux 5.10.179-1 (source package)
fixed on branch: linux 5.10.179-2 (source package)
fixed on branch: linux 5.10.179-3 (source package)
fixed on branch: linux 5.10.179-5 (source package)
fixed on branch: linux 5.10.191-1 (source package)
fixed on branch: linux 5.10.197-1 (source package)
fixed on branch: linux 5.10.205-1 (source package)
fixed on branch: linux 5.10.205-2 (source package)
fixed on branch: linux 5.10.209-1 (source package)
fixed on branch: linux 5.10.209-2 (source package)
fixed on branch: linux 5.10.215-1 (source package)
fixed on branch: linux 5.10.216-1 (source package)
fixed on branch: linux 5.10.218-1 (source package)
fixed on branch: linux 5.10.221-1 (source package)
```
Installed Package:
```
$ apt list --installed | fgrep linux-headers
linux-headers-5.15.0-100-generic/jammy-updates,jammy-security,now 5.15.0-100.110 amd64 [installed]
linux-headers-5.15.0-100/jammy-updates,jammy-security,now 5.15.0-100.110 all [installed]
linux-headers-5.15.0-102-generic/jammy-updates,jammy-security,now 5.15.0-102.112 amd64 [installed]
linux-headers-5.15.0-102/jammy-updates,jammy-security,now 5.15.0-102.112 all [installed]
linux-headers-5.15.0-113-generic/jammy-updates,jammy-security,now 5.15.0-113.123 amd64 [installed,automatic]
linux-headers-5.15.0-113/jammy-updates,jammy-security,now 5.15.0-113.123 all [installed,automatic]
linux-headers-5.15.0-118-generic/jammy-updates,jammy-security,now 5.15.0-118.128 amd64 [installed,automatic]
linux-headers-5.15.0-118/jammy-updates,jammy-security,now 5.15.0-118.128 all [installed,automatic]
linux-headers-5.15.0-97-generic/jammy-updates,jammy-security,now 5.15.0-97.107 amd64 [installed]
linux-headers-5.15.0-97/jammy-updates,jammy-security,now 5.15.0-97.107 all [installed]
linux-headers-generic/jammy-updates,jammy-security,now 5.15.0.118.118 amd64 [installed,automatic]
```
Eric Lo
(9 rep)
Aug 12, 2024, 09:09 AM
• Last activity: Aug 12, 2024, 04:18 PM
6
votes
1
answers
2551
views
How can I confirm for sure that a CVE has been mitigated on a RHEL system?
I have this problem, I'm trying to see if a group of servers are vulnerable to the CVE CVE-2024-1086 so what I do in the server is `rpm -qa --changelog kernel | grep 2024-1086`, and I get this as output: `- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24009 2262126] {CVE-2024-1086}`, which **I think** means that the cve has been mitigated in that system. However, the client says that their scan that they are using to check if the system is vulnerable is still showing that the server is vulnerable, do you know if with that output I can say that their scan is giving them a false positive or is there any other way to confirm for sure that the system is not vulnerable anymore to that CVE?
VaTo
(3248 rep)
Jun 28, 2024, 05:52 PM
• Last activity: Jul 1, 2024, 12:22 AM
6
votes
2
answers
16772
views
How do you mitigate the Terrapin SSH attack?
The Terrapin Attack on SSH details a _"prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it."_
How would you change the SSH configuration to mitigate this attack?
KJ7LNW
(525 rep)
Dec 22, 2023, 01:23 AM
• Last activity: Jan 12, 2024, 03:10 PM
2
votes
1
answers
2777
views
Are all Debian 11 systems automatically vulnerable to CVE-2023-38408?
I really really hope I'm wrong here, but it seems that Debian 11 has a vulnerable version of OpenSSH.
My OpenSSH banner reports my OpenSSH version is: `8.4p1 Debian 5+deb11u1`
I checked with sshd and it reports the same version.
According to this CVE-2023-38408 ANY version before 9.3p2 is vulnerable.
I tried `sudo apt update && sudo apt full-upgrade` but it did not update the OpenSSH version..
Sir Muffington
(1306 rep)
Aug 13, 2023, 01:49 PM
• Last activity: Aug 17, 2023, 12:38 PM
0
votes
0
answers
172
views
Cannot change or remove a file as root
This is driving me nuts... There's a lot of info over the place and I've spent quite some hours already without any success. A customer of mine has a website compromised with some Japanese SEO spam (seems to be a known threat for WordPress websites: https://labs.sucuri.net/signatures/sitecheck/spam-seo/?japanese.0)
I'm using Ubuntu 20.04.6 LTS and the latest WordPress (all the plugins and core updated, restored core files from a fresh download as well, with sucuri, iThemes Security and Wordfence installed)
Unfortunately rolling back to a previous safe-state is not possible being that there are many transactions that happened since then, and we're uncertain about when the malware got introduced.
Now everything seems to be cleaned up, except one single thing: the index.php file.
There's NO WAY to remove / edit / do anything with this file, even by using the root user.
```
[root@site /home/xxxx.com/public_html] # ls -l index.php
-r--r--r-- 1 www www 6982 Apr 13 2022 index.php
[root@site /home/xxxx.com/public_html] # lsattr index.php
--------------e----- ./index.php
[root@site /home/xxxx.com/public_html] # chmod 755 index.php
[root@site /home/xxxx.com/public_html] # ls -l index.php
-r--r--r-- 1 www www 6982 Apr 13 2022 index.php
[root@site /home/xxxx.com/public_html] # rm -f index.php
[root@site /home/xxxx.com/public_html] # ls -l index.php
-r--r--r-- 1 www www 6982 Apr 13 2022 index.php
```
So no matter what I do, the file remains untouched. Already verified, it's not a symlink (nor a hardlink), and the content is always the same:
Does anybody know what can possibly be happening here? Any help would be greatly appreciated! :)
nnimis
(101 rep)
May 18, 2023, 11:07 PM
27
votes
3
answers
6756
views
How to detect and mitigate the Intel escalation of privilege vulnerability on a Linux system (CVE-2017-5689)?
According to the Intel security-center post dated May 1, 2017, there is a critical vulnerability on Intel processors which could allow an attacker to gain privilege (escalation of privilege) using AMT, ISM and SBT.
Because the AMT has direct access to the computer’s network hardware, this hardware vulnerability will allow an attacker to access any system.
>There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.
Intel have released a detection tool available for Windows 7 and 10. I am using information from `dmidecode -t 4` and by searching on the Intel website I found that my processor uses `Intel® Active Management Technology (Intel® AMT) 8.0`.
>Affected products:
>
>The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability. Versions before 6 or after 11.6 are not impacted.
The description:
>An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT)
How can I easily detect and mitigate the Intel escalation of privilege vulnerability on a Linux system?
GAD3R
(69486 rep)
May 2, 2017, 08:29 PM
• Last activity: Apr 15, 2023, 06:40 PM
22
votes
3
answers
1797
views
rsync the file `a`b
Yeah, I know what you are thinking: "Who on earth names their file ``` `a`b ```?"
But let us assume you *do* have a file called ``` `a`b ``` (possibly made by a crazy Mac user - obviously not by you), and you want to `rsync` that. The obvious solution:
~~~~
rsync server:'./`a`b' ./.;
rsync 'server:./`a`b' ./.;
~~~~
gives:
~~~~
bash: line 1: a: command not found
rsync: [sender] link_stat "/home/tange/b" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1865) [Receiver=3.2.7]
rsync: [Receiver] write error: Broken pipe (32)
~~~~
Even:
~~~~lang-shellsession
$ rsync 'server:./\`a\`b' ./.;
bash: line 3: a\: command not found
rsync: [sender] link_stat "/home/tange/\b" failed: No such file or directory (2)
:
~~~~
What is the `rsync` command I *should* be running?
~~~~lang-shellsession
$ rsync --version
rsync version 3.2.7 protocol version 31
~~~~
Ole Tange
(37348 rep)
Mar 21, 2023, 10:10 PM
• Last activity: Mar 24, 2023, 02:56 PM
0
votes
1
answers
395
views
Is there any advantage to staying on very old linux kernels?
When I visit https://www.kernel.org/ I see a variety of kernel versions. At the time of writing there is one mainline, two stables, and a whopping six longterms. The oldest is 4.9. Is there a reason to stay on such an old kernel? Don't outdated kernels have more vulnerabilities?
nsum938
(1 rep)
Nov 22, 2022, 03:54 AM
• Last activity: Nov 22, 2022, 07:45 AM
2
votes
1
answers
909
views
Which 32-bit features are still vulnerable to "Retbleed" in the Linux kernel?
I'm updating my kernel to protect my system against the "Retbleed" exploit, and I know that affected 32-bit things haven't received the necessary mitigations. I'm wondering which 32-bit features I need to disable in the Linux kernel to be fully protected.
I've found `CONFIG_X86_X32_ABI` and `CONFIG_IA32_EMULATION` so far. I'd like to maintain the ability to execute 32-bit binaries with reduced performance, if possible. **Which (or both) of these config options enable the exploit? Are there any other features I need to disable?**
I'm aware that some older CPUs must disable SMT to be fully protected, but my CPU is not one of them.
ATLief
(328 rep)
Aug 7, 2022, 06:52 PM
• Last activity: Aug 7, 2022, 07:27 PM
-2
votes
1
answers
126
views
Security patch update
If applying the latest patch(example : CESA-2019:0679 - Libssh2 Security Update - CentOS 7 x86_64) will cover the previous patch changes or we need to do it separately?
Srikanth R
(1 rep)
Jun 5, 2019, 12:04 PM
• Last activity: Jul 5, 2022, 05:49 AM
0
votes
2
answers
148
views
Is a package specific to a Linux distribution? How to protect against KRACK
I run multiple distributions of Linux. I am researching how to patch against KRACK.
The package that is vulnerable in Linux is 'wpa_supplicant'.
According to the Vendor Responses the "Linux patch" for wpa_supplicant can be found here, whereas the (for example) Fedora patch can be found here and the Debian patch can be found here.
**In which circumstances would/could I download and apply the so called "Linux patch" directly**? Is that only if I'm using the Linux Kernel directly? Otherwise, if I'm running on a specific distribution of Linux, do I need to wait for a patch from that specific distribution?
Note my question refers to a specific vulnerability (KRACK), but **I'm trying to understand generally, what is the difference between what the project puts out (in this case the hostapd and wpa_supplicant project) versus what the different Linux distributions release.**
n00b
(145 rep)
Oct 17, 2017, 02:46 PM
• Last activity: Jul 5, 2022, 05:41 AM
-4
votes
1
answers
4407
views
Step by step Red Hat Update for OpenSSL
How to update
1. Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1066)
2. Red Hat Update for java-11-openjdk security (RHSA-2022:1440)
Please guide me step by step, because I have no experience about this
I Use MobaXterm to access Linux.
Linux Version:
```
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
```
Lintang Gilang Pratama
(3 rep)
May 27, 2022, 06:16 AM
• Last activity: May 27, 2022, 09:51 AM
0
votes
2
answers
729
views
How to fix CVE-2018-364 vulnerability
I have found a log in my /log/messages showing a CVE-2018-3646 error with the following link, (https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html). I have accessed the mentioned file-path from the link (/sys/devices/system/cpu/vulnerabilities/l1tf) to check for specific vulnerabilities and it said 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'. How can I fix this? Could there be any possible consequences from altering these settings?
Mel
(1 rep)
May 15, 2022, 01:04 PM
• Last activity: May 15, 2022, 05:53 PM
0
votes
0
answers
90
views
Clarification regarding CVE-2020-25717
We use CentOS 7 and have only samba-client in our deployment.
(We do not have samba server in our deployment.)
Does the [CVE-2020-25717](https://www.samba.org/samba/security/CVE-2020-25717.html) affect our deployment?
Michael
(101 rep)
Feb 1, 2022, 02:14 PM
• Last activity: Feb 1, 2022, 02:33 PM
-1
votes
1
answers
1050
views
Which Linux distribution is the latest openVAS available on?
It has been removed from the latest Alpine and their solution is to downgrade your system from 3.11 to 3.10.
It's no longer available on Debian, their solution is to build it from source.
Is there any Linux distribution whose repositories include the latest openVAS?
freebie
(1 rep)
Jun 22, 2021, 10:56 AM
• Last activity: Jul 16, 2021, 06:50 AM
7
votes
1
answers
4890
views
Security of bash script involving gpg symmetric encryption
**Notice**: the very same vulnerability has been discussed in [this question](https://unix.stackexchange.com/q/400772/310237), but the different setting of the problem (in my case I don't need to store the passphrase) allows for a different solution (*i.e.* using file descriptors instead of saving the passphrase in a file, see [ilkkachu's answer](https://unix.stackexchange.com/a/469641/310237)).
Suppose I have a symmetrically encrypted file `my_file` (with gpg 1.x), in which I store some confidential data, and I want to edit it using the following script:
```
read -e -s -p "Enter passphrase: " my_passphrase
gpg --passphrase $my_passphrase --decrypt $my_file | stream_editing_command | gpg --yes --output $my_file --passphrase $my_passphrase --symmetric
unset my_passphrase
```
Where `stream_editing_command` substitutes/appends something to the stream.
**My question**: is this safe? Will the variable `$my_passphrase` and/or the decrypted output be visible/accessible in some way? If it isn't safe, how should I modify the script?
francescop21
(318 rep)
Sep 17, 2018, 09:33 AM
• Last activity: Jun 30, 2021, 05:24 PM
Showing page 1 of 20 total questions