Critical vulnerability in log4j library
A critical zero-day vulnerability in log4j has been discovered (known by the number CVE-2021-44228) with CVSSv3 score 10 out of 10. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related...
EGI CSIRT Security Challenge
EGI CSIRT site security contacts challenge was run on the 16th of November 2021. During the campaign, the EGI CSIRT sent an email with a unique reaction link to all site security contacts. The purpose of this type of challenge is to check the sites’ ability to respond...
New GÉANT learning module on IT forensics
GÉANT module, entitled IT Forensics for System Administrators encompasses 8 webinars on different aspects of IT forensics. The webinars start in November and end in January 2022. Some of the lectures will be presented by our EGI CSIRT member, Toby Tussa, an expert in...
Use-after-free privilege escalation vulnerability in Linux kernel (CVE-2021-3715)
High-risk vulnerability in Linux kernel's Traffic Control networking system has been found that can lead to a use-after-free condition. You can mitigate this vulnerability by disabling unprivileged network namespaces. Details about this vulnerability can be found in...
Sequoia Privilege escalation in Linux file system CVE-2021-33909
A vulnerability has been reported which may allow unprivileged users to gain root access, via the crafting of a long path name in the file system. Qualys have announced that their exploit has been released, therefore EGI CSIRT considers this vulnerability as critical...
Linux kernel vulnerability CVE-2021-22555 affecting RHEL/CentOS 8 and derivatives
There has been a Linux kernel vulnerability reported, enabling an out-of bounds write in net/netfilter/x_tables.c and escalation of privileges, affecting RHEL 8 and derivates. An advisory has been made public and is available on the SVG advisory page.
