diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks

diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization, leading to device enumeration on the LAN interface and DoS attacks against both the device and the network.

A CWE-862: Missing Authorization weakness in diag_tool.cgi allows a remote attacker to spawn ping (and traceroute) processes on affected devices without authorization. Moreover, a similar bug […]

Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 saves post data, including credentials, to /tmp/boa-temp

Boa Webserver on DASAN H660RM devices with firmware 1.03-0022 (and possibly others) saves POST data, including credentials, to /tmp/boa-temp. Moreover, this file is not sanitized after the request has been processed, which makes retrieval of login credentials possible until another POST request is made.

This vulnerability was assigned CVE-2019-9976.

[…]

syslog_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 uses a hard-coded key for logs encryption

DASAN H660RM devices with firmware 1.03-0022 (and possibly others) use a hard-coded key “dasanektks123” for log encryption. Data stored using this key can be decrypted by anyone able to access this key.

This vulnerability was assigned CVE-2019-9975.

[…]

ESE Key Daemon 1.2.7 released

A new version of ESE Key Daemon was released today.

New features include the ability to handle multiple key combinations and to distinguish between key presses and releases. The problem with handling the last line of a configuration file that does not end with a newline is fixed. Numeric keys are […]

Debian GNU/Linux on Dell Inspiron 1764

Installing, configuring and using Debian GNU/Linux on a Dell Inspiron 1764 (N0476409) notebook.

[…]

nCipher HSM with OpenSSL

I just finished playing with some nCipher’s HSM. Unfortunately, there is no integration guide for OpenSSL that covers the CHIL interface and nCipher hardware security modules.

nCipher’s installation guide is quite good, but after you finish installing hardware, drivers and daemons, you are on your own.

I found only two helpful sources: Andrea Campi’s […]

Swiss Army knife^Wpendrive

Swiss Army knives are famous for their functionality. Ever since versions with built-in USB flash memory went into production, I have wondered how to give the software installed on the portable drive equally rich functionality.

[…]

Optimizing GNOME for Netbooks

GNOME can be easily optimized for netbooks using the configuration editor. Disabling animations, thumbnails and the splash screen speeds up GNOME, while scaling down icons saves space on the desktop.

Metacity will give the user less feedback by using wireframes, avoiding animations, or other means if /apps/metacity/general/reduced_resources is set to true. This can be set with […]

Huawei E272 as a backup link for an OpenWRT router

I recently described installing the Thomson SpeedTouch 330 DSL “soap dish” in OpenWRT. This time we install a third-generation “soap dish”, the Huawei E272, as a backup link in the router.

[…]