CERT-In issues threat warning for high-severity vulnerabilities in Linux, Unix and Realtek SDKs

The Indian Computer Emergency Response Team (CERT-In) on Monday informed about the vulnerabilities

The Indian Computer Emergency Response Team (CERT-In) on Monday revealed that vulnerabilities in Linux and Unix can be used to execute arbitrary code, while a critical vulnerability in Realtek could affect networking devices.

(Sign up for today’s cache, our technology newsletter, for insights on emerging topics at the intersection of technology, business and policy. Click Here To subscribe for free.)

CERT-In released vulnerability notes for Linux, an open source operating system, Unix, a modular OS, and the Realtek SDK, a software development kit.

in Linux and Unix

A path traversal vulnerability in Linux and Unix reportedly exists in RarLab’s UnRAR utility tool. This can be exploited by attackers to execute arbitrary code on the target system.

Execution of arbitrary code could allow attackers to gain access to sensitive information on a target system, compromising their security.

CERT-in noted that the vulnerability exists due to improper ranges in the pathname of a restricted directory.

RarLab, better known for developing WinRAR, shared on its website that the vulnerability does not affect WinRAR or Android RAR. It also released an update to fix the problem.

The CERT-in release said that hackers could exploit the vulnerability by sending the generated RAR files to Zimbra servers, which could compromise their security.

in realtek sdk

A serious vulnerability has been reported in Realtek’s Software Development Kit (SDK).

Attackers can abuse the vulnerability to generate a buffer or stack overflow on the affected device. This can allow attackers to fill memory space that would otherwise be out of bounds when a program moves memory from one location to another.

CERT-In noted that the vulnerability exists due to improper bounds checking by the SIP ALG function. This in turn could allow an attacker to access and execute your code on the target system.

The zero-click vulnerability can be exploited by sending specially crafted SIP packets containing SDP, a format for sending multimedia communication sessions through a wide area network.

The application of relevant updates, which was accepted by Realtek, was recommended to fix the vulnerability.

CERT-In issues threat warning for high-severity vulnerabilities in Linux, Unix and Realtek SDKs

The Indian Computer Emergency Response Team (CERT-In) on Monday informed about the vulnerabilities

The Indian Computer Emergency Response Team (CERT-In) on Monday informed about the vulnerabilities

in Linux and Unix

in realtek sdk

Market Capitalisation of nine of top-10 most valued firms jumps ₹2.89 lakh crore; Reliance biggest winner

In PM’s Call With Team India, Special Thanks For Rahul Dravid

Inclusive, equitable development of all communities needed for Assam’s holistic growth: Governor Kataria

Heavy rains likely in Delhi, IMD issues orange alert till July 2

Devoleena Bhattacharjee’s Big Comment On Pregnancy Rumours: “It’s My Personal Space, You Aren’t Invited”

Nawazuddin Siddiqui Reveals Why He Worked As A Watchman Despite Having Money: ‘Meri Shakal Soorat Aisi…’ – News18

Pankaj Tripathi breaks silence on Pankaj Jha’s claims of romanticising his struggles

‘Land of Women’ series review: Eva Longoria-led family drama needs to do some soul-searching

Market Capitalisation of nine of top-10 most valued firms jumps ₹2.89 lakh crore; Reliance biggest winner

In PM’s Call With Team India, Special Thanks For Rahul Dravid

Inclusive, equitable development of all communities needed for Assam’s holistic growth: Governor Kataria

Heavy rains likely in Delhi, IMD issues orange alert till July 2