HackerTrans
トップ新着トレンドコメント過去質問紹介求人

kro

no profile record

投稿

CVE-2026-42530 – Nginx HTTP3/QUIC Use-After-Free

my.f5.com
7 ポイント·投稿者 kro·23 日前·4 コメント

AWS to also block ipcomp and xfrm modules in DirtyFrag mitigation

aws.amazon.com
1 ポイント·投稿者 kro·2 か月前·1 コメント

コメント

kro
·23 日前·議論
Only 1.31.0 and 1.31.1 are affected.
kro
·23 日前·議論
These commits [1] are related to the issue. I am not too familiar with the code, but it appears nginx manages/closes streams in a pool at times the attacker cannot control, and during short windows, it is vulnerable.

[1]:

https://github.com/nginx/nginx/commit/ceccdbd2ee799d020a371b...

https://github.com/nginx/nginx/commit/9e293766e73c469c015df5...
kro
·27 日前·議論
I did that for a while because of compatibility issues with a newer laptop, it works but generally if there is no reason it's way easier to stay with the provided packages. Compiling weekly due to security patches becomes annoying over time for no real gain other than the version number
kro
·27 日前·議論
mysql/maria also lets you turn off/down the isolation level for queries if you know the guarantees aren't needed, to speed things up. I think postgres does not have that option.
kro
·2 か月前·議論
I've been receiving loads of spam from google MX servers lately until blocking all mails with X-Google-Group-Id headers. I don't know how it's possible, the contents were 100% spammer controlled, no Google template
kro
·2 か月前·議論
You are correct.

Reminds me, we once got a letter by a German government body requesting some data exports from our company, and to upload them on findrive-ni.de

It turned out to be legit, but it's neither a subdomain of the state of Niedersachsen domain nor referenced in their official sites.
kro
·2 か月前·議論
That also often shoots you as when json_encoding it only becomes an array when ordered "correctly" (numeric 0-based keys without gaps), otherwise an object. So to be safe you generally need to array_values after filtering. If in your testdata you only remove elements from the end you don't catch that before production data hits.

To get the first element there also is reset().

I love PHP though.
kro
·2 か月前·議論
Sounds good - which software supports this? Specifically I'd prefer if it would do a composite key derivation in-time rather than "just a pw prompt but TPM has the full key"
kro
·2 か月前·議論
Ubuntu also released TPM based FDE a few versions ago. I had these thoughts then and decided against using it. Typing my passphrase on boot is muscle memory and gives me simple security I can trust.

Also can recover data without my mainboard.

Maybe a hybrid (secureboot-TPM+phrase) slot for day to day to also prevent against evil maid attacks, and another slot with a backup passphrase would be acceptable.
kro
·2 か月前·議論
No remotely reachable vuln should be taken lightly.

At the moment though, the preconditions look odd. I've been using nginx in various constellations for 10 years and never once combined rewrite and set.
kro
·2 か月前·議論
However, some privs can be gained in namespaces/unshare.
kro
·2 か月前·議論
It says coordinated distro release today, and I've received a notice earlier today but that does not include the CVE number. That's confusing / does not seem very coordinated to release 2 separate security update notices in a day.

https://lists.debian.org/debian-security-announce/2026/msg00...
kro
·2 か月前·議論
Next easy attack vector is (non-rootless) docker run with rootfs mount, many are in docker group even when sudo is protected. Also, most sensitive data is in the user scope anyways (on a PC).

You should always run dev stuff in containers to start with. And when your system is compromised, reprovision from a higher scope, too many places to hide backdoors
kro
·2 か月前·議論
So far all the information suggested to disable esp and rxrpc modules.

This bulletin suggest that more modules are necessary for complete mitigation
kro
·2 か月前·議論
Containers, even with root user, are often stripped of these capabilities unless --privileged
kro
·2 か月前·議論
VPN usage increased, but how to they draw the conclusion that this is children. I think it's more likely that adults are using VPNs to not have to deal with the ID process. I would do that.

As VPNs usually cost some money, which is already a barrier for minors.
kro
·2 か月前·議論
CAP_NET/SYS_ADMIN is required for this. So this would be "not as bad" as the others.
kro
·2 か月前·議論
It's scary to think that some day it will be more than a local attack vector. I don't want to imagine the fallout from a remote rce via tcp/ip.
kro
·2 か月前·議論
These copyfail exploits allow an unprivileged (daemon/app) user (not in sudoers) to get root without interaction from the original system maintainer.

It's quite different from PATH-injecting an already privileged user.

Also, these memory corruptions can likely be used as container escape primitives too. Albeit not easily.

It's a serious break of a security boundary. Yes, container layer adds defense, and normal unix security isn't perfect, but it should not allow this.
kro
·2 か月前·議論
Maybe it would be reasonable for sysadmins to proactively whitelist used / block all exotic unused modules that are not needed in their system configuration.

This would reduce the amount of ring 0 code. But I've never seen such advice.