GIFT a SubscriptionGift
HamberMenu
  1. Cricket
  2. Data
  3. Health
  4. Opinion
  5. SEARCH Icon
  1. Cricket
  2. Data
  3. Health
  4. Opinion
  5. SEARCH Icon

To enjoy additional benefits

GIFT a SubscriptionGift
ShowcaseCrossword+

CONNECT WITH US

year
Click here for our in depth coverage of Lok Sabha and Assembly elections

CERT-In issues threat alert for high severity vulnerabilities in Linux, Unix and Realtek SDK

The Indian Computer Emergency Response Team (CERT-In) revealed details about the vulnerabilities on Monday

August 23, 2022 04:22 pm | Updated 04:22 pm IST

Nabeel Ahmed
CERT-In issues threat alert for high severity vulnerabilities in Linux, Unix and Realtek SDK

CERT-In issues threat alert for high severity vulnerabilities in Linux, Unix and Realtek SDK | Photo Credit: AP

Vulnerabilities in Linux and Unix can be exploited to execute arbitrary code while the critical vulnerability in Realtek could be affecting networking devices, revealed the Indian Computer Emergency Response Team (CERT-In) on Monday.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

CERT-In released vulnerability notes for Linux, an open source operating system, Unix, a modular OS, and Realtek SDK, a software development kit.

In Linux and Unix

The path traversal vulnerability in Linux and Unix reportedly exists in the RarLab’s UnRAR utility tool. It can be exploited by attackers to execute arbitrary codes on the targeted systems.

Execution of arbitrary codes could allow attackers to gain access to sensitive information on the targeted system, compromising their security. 

CERT-In noted that the vulnerability exists due to improper limitations in a pathname to a restricted directory.

RarLab, better known for developing WinRAR, shared on its website that the vulnerability does not affect WinRAR or Android RAR. It also released updates to fix the issue.

Hackers can exploit the vulnerability by sending crafted RAR files to a Zimbra server, thereby compromising their security, noted CERT-In’s release.

In Realtek SDK

A critical vulnerability has been reported in Realtek’s Software Development Kit (SDK).

Attackers could misuse the vulnerability to generate a buffer or a stack overflow on an affected device. This could allow attackers to fill memory space that is otherwise kept out of bounds when a program transfers memory from one place to another. 

CERT-In noted that the vulnerability exists due to improper bounds checking by the SIP ALG function. This in turn could allow an attacker to gain access and execute their own code on the targeted system. 

The zero-click vulnerability can be exploited by sending specially crafted SIP packets containing SDP, a format for sending multimedia communication sessions through a broad area network 

Application of relevant updates, acknowledged by Realtek, was recommended to fix the vulnerability. 

Related stories

Related Topics

internet / technology (general) / cyber crime

Top News Today

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.