New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

By Newsroom

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have

Related tags
January 31^st 2024 at 05:44

The Hacker News
Warning: PyPI Feature Executes Code Automatically After Python Package Download
September 2^nd 2022 at 10:21

Warning: PyPI Feature Executes Code Automatically After Python Package Download

By Ravie Lakshmanan

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a

Related tags
September 2^nd 2022 at 10:21