Privilege escalation vulnerabilities in VMware

Vulnerabilities CVE-2021-22040 and CVE-2021-22041 have been reported for the following programs: VMware ESX 6.5, 6.7, 7.0; VMware Workstation 16.x < v16.2.1; VMware Fusion 12.x < v12.2.1. Updates are available that contain a fix for those vulnerabilities. Details can...

Linux kernel dirtypipe vulnerability – CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw...

EGI CSIRT on Thematic CERN School on Security

The Thematic CERN School of Computing is taking place in Split from 19th to 25th of June 2022. EGI CSIRT prepared some interesting lectures and security exercises on Security Operations, Architecture security, Risk assessment, Logging and Traceability, Cloud and container...

Crypto miners

The EGI CSIRT has recently had several reports of malicious activities, where parts of infrastructures have been infected with cryptomining software. Crypto miners are tools that generate cryptocurrency, like Bitcoin. As these can generate profit relatively easily, it...

Vulnerabilities in Slurm’s authentication handling

Slurm has fixed 3 vulnerabilities in their new release, including CVE-2022-29500 in the authentication handling, which may allow an unprivileged user to impersonate the SlurmUser account. This vulnerability is considered critical. The fix is available in versions...

EGI CSIRT meeting in Lyon

From 23rd to 24th of May 2022, the IN2P3 computing centre in Lyon will host the next EGI CSIRT F2F meeting, where we will discuss our operational tasks, prepare the content for the upcoming trainings and verify our security procedures and policies. Other security topics...
