securityonline.info
2600:1f10:4c55:e23d:5d5b:8bb5:8ae2:1fff
Public Scan
Submitted URL: http://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
Effective URL: https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
Submission: On September 25 via api from DE — Scanned from CA
Form analysis
3 forms found in the DOM
Text Content
Linux / Vulnerability

SEVERE UNAUTHENTICATED RCE FLAW (CVSS 9.9) IN GNU/LINUX SYSTEMS AWAITING FULL DISCLOSURE

by do son · September 23, 2024

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been acknowledged by major industry players like Canonical and Red Hat, who have confirmed its severity with a CVSS score of 9.9 out of 10.

Margaritelli disclosed the existence of the vulnerability approximately three weeks ago but withheld specific details to allow developers time to address the issue. Despite this, there is currently no working fix available. Discussions between the researcher and developers have led to an agreed timeline for disclosure:

* September 30: Initial disclosure to the Openwall security mailing list.
* October 6: Full public disclosure of the vulnerability details.

Interestingly, there has been a delay in assigning Common Vulnerabilities and Exposures (CVE) identifiers to this issue. Margaritelli suggests that there should be at least three CVEs assigned, possibly up to six, due to the multifaceted nature of the vulnerabilities involved.

Canonical and Red Hat have not only confirmed the vulnerability's high severity but are also actively working on assessing its impact and developing patches. However, some developers are reportedly debating the security impact of certain aspects of the vulnerabilities, which may be contributing to the delay in releasing a fix.
The lack of detailed information has left both individual users and security experts in a state of heightened concern. Without knowing which specific components, functions, or versions are affected, organizations are unable to take proactive measures to protect their systems. Moreover, the absence of CVE assignments raises questions about the coordination and communication between security researchers, vendors, and the organizations responsible for vulnerability enumeration.

While a CVSS score of 9.9 indicates critical severity, it's important to approach the situation with a balanced perspective. Not all high-severity vulnerabilities are easily exploitable in real-world scenarios. For instance:

* CVE-2024-7589: An SSH remote code execution vulnerability initially scored at 9.8 was later reevaluated to 8.1 due to the difficulty of exploitation.
* CVE-2024-38063: A Windows system RCE vulnerability with a CVSS score of 9.8 drew significant attention but was deemed very difficult to exploit after thorough analysis by security experts.

These examples highlight the importance of detailed technical analysis to fully understand a vulnerability's impact.

While awaiting the full disclosure and subsequent patches, users and administrators should:

* Stay informed by following updates from trusted security news sources and official vendor communications.
* Review and enhance existing security measures, such as firewalls and intrusion detection systems.
* Prepare for rapid deployment of patches once they become available.