Quick News Bit

CERT-In issues threat alert for high severity vulnerabilities in Linux, Unix and Realtek SDK

The Indian Computer Emergency Response Team (CERT-In) revealed details about the vulnerabilities on Monday

Vulnerabilities in Linux and Unix can be exploited to execute arbitrary code while the critical vulnerability in Realtek could be affecting networking devices, revealed the Indian Computer Emergency Response Team (CERT-In) on Monday.

CERT-In released vulnerability notes for Linux, an open source operating system, Unix, a modular OS, and Realtek SDK, a software development kit.

In Linux and Unix

The path traversal vulnerability in Linux and Unix reportedly exists in RarLab’s UnRAR utility. Attackers can exploit it to execute arbitrary code on targeted systems.

Execution of arbitrary code could allow attackers to gain access to sensitive information on the targeted system, compromising its security.

CERT-In noted that the vulnerability exists due to improper limitation of a pathname to a restricted directory.

RarLab, better known for developing WinRAR, shared on its website that the vulnerability does not affect WinRAR or Android RAR. It also released updates to fix the issue.

Hackers can exploit the vulnerability by sending crafted RAR files to a Zimbra server, thereby compromising its security, noted CERT-In’s release.

In Realtek SDK

A critical vulnerability has been reported in Realtek’s Software Development Kit (SDK).

Attackers could misuse the vulnerability to trigger a buffer or stack overflow on an affected device. This could allow attackers to write into memory that is otherwise kept out of bounds when a program copies data from one place to another.

CERT-In noted that the vulnerability exists due to improper bounds checking by the SIP ALG function. This in turn could allow an attacker to gain access and execute their own code on the targeted system. 

The zero-click vulnerability can be exploited by sending specially crafted SIP packets containing SDP data, a format for describing multimedia communication sessions over a wide area network.

Applying the relevant updates, acknowledged by Realtek, was recommended to fix the vulnerability.
