SUDO Vulnerability – CVE-2021-3156 – “Baron Samedit” (Privledge Escalation)

SOFTWARE: Sudo VENDOR LINK(s): https://www.sudo.ws/alerts/unescape_overflow.html CVEs: CVE-2021-3156 OFFICIAL CVSS: Unknown at this time, but presumed high TYPE: Privilege Escalation NOTES: Has existed in the software for 10 years and requires a local user account to run code to escalate to SUDO rights.

NSA to Enterprises – Manage DNS, block those Third party encrypted services

In a nice document by the NSA, the illustrate the positives and negatives of the new trend for browsers to have DNS encryption thru the browser. For those in the enterprise my take on it is simple: You are the boss. Manage the DNS in your enterprise. Configure desktops/laptops/clients to not use and even try […]

DNSMasq Vulnerabilities Found

SOFTWARE: DNSmasq SOFTWARE LINK(s): https://www.thekelleys.org.uk/dnsmasq/ CVEs: CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686 NOTES: Dnsmasq versions 2.78 to 2.82 were all found to be affected by the three flaws. Researchers are calling it DNSpooqI have a Raspberry Pi running the AD killing software called Pi-Hole – Its running DNSmasq. Simply put, there is a good chance this vulnerability […]