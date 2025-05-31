news
Security and FUD Leftovers
Pen Test Partners ☛ Fire detection system been pwned? You’re not going to sea
TL;DR Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels SSH access allows OS-level interaction, and VNC access gives UI control
LWN ☛ Local vulnerabilities in Kea DHCP
The SUSE Security Team has published a detailed report about security vulnerabilities it discovered in the Kea DHCP server suite from the Internet Systems Consortium (ISC).
Since SUSE is also going to ship Kea DHCP in its products, we performed a routine review of its code base. Even before checking the network security of Kea, we stumbled over a range of local security issues, among them a local root exploit which is possible in many default installations of Kea on GNU/Linux and BSD distributions. [...]
Dark Reading ☛ PumaBot Targets Linux Devices in Latest Botnet Campaign [Ed: "brute-force logins on port 22" means the issue here is not Linux but bad passwords]
When the malware first retrieves a list of IP addresses from the C2 server, it chooses devices most likely to have open SSH ports. It then uses credentials also taken from the C2 to attempt brute-force logins on port 22.
Attacks with new Pumabot botnet hit Linux IoT devices
Internet of Things devices running on Linux have been targeted by the newly emergent PumaBot botnet in SSH brute-force attacks, according to Security Affairs.
Qualys ☛ Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598
The Qualys Threat Research Unit (TRU) has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump.
Both issues are race-condition vulnerabilities. The first (CVE-2025-5054) affects Ubuntu’s core-dump handler, Apport, and the second (CVE-2025-4598) targets systemd-coredump, which is the default core-dump handler on Red Hat Enterprise Linux 9 and the recently released 10, as well as on Fedora. These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump.
