This software relic from the CD era could put your entire PC at risk
Date:
Sat, 14 Oct 2023 12:12:56 +0000
Description:
The way Linux handles .cue files could spell trouble, a researcher found.
FULL STORY ======================================================================
If, for whatever strange reason, you find yourself needing to open .cue files on a Linux system with a GNOME desktop, be careful. The files could be laced with malicious code that allows threat actors to execute code on the target endpoint.
The warning was issued by GitHub, which recently disclosed the existence of a memory corruption flaw in libcue, the library that parses cue sheets.
It's being tracked as CVE-2023-43641, and while not yet official, it comes with a severity score of 8.8 (High).
Testing the flaw
Cue files are metadata files used to describe the tracks found on a CD or a DVD. GNOME desktops, Ars Technica explains, have a tracker miner that automatically updates when file locations in a user's home directory change. Should a user download a cue sheet with malicious code, GNOME's indexing tracker would run it and execute the code, essentially compromising the endpoint.
Luckily, a patch is already available, so Linux users with GNOME-based distributions should apply it to secure their endpoints, as soon as possible. The earliest secure version is 2.3.0.
GitHub Security Lab member Kevin Backhouse recorded a video to show how the bug works, but hasn't released a proof-of-concept (PoC) just yet, Ars Technica further explained. Users can test their systems for the vulnerability via a test cue sheet Backhouse developed, which shouldn't cause too much trouble other than a benign crash.
Backhouse is known for discovering vulnerabilities in Linux. Before finding CVE-2023-43641, he discovered flaws allowing standard users to become admins with just a few commands, and a Polkit flaw that grants attackers root access. Although it makes up but a tiny portion of the overall OS market, Linux is a loved and widely used operating system, especially on servers, IoT gear, and mobile devices.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-software-relic-from-the-cd-era-could-put-your-entire-pc-at-risk
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)