腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

Nicolas Krassas @Dinosn

[ Linux ] [remote] - OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading https://www.exploit-db.com/exploits/40963/

"OpenSSH< 7.4 agent 协议任意库加载（CVE-2016-10009）： https://t.co/WE9GVVdZDb"
Nicolas Krassas @Dinosn

[ Linux ] [local] - OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation https://www.exploit-db.com/exploits/40962/

"OpenSSH < 7.4 UsePrivilegeSeparation 被禁用情况下转发 Unix Domain Sockets 导致的提权漏洞（CVE-2016-10010）： https://t.co/EXlLo8gxUW"
Matt Graeber @mattifestation

[ Windows ] I wrote a parser to pull out ELAM driver approved anti-malware signer info: https://gist.github.com/mattifestation/7027c1ff29d699d69b87ad564d0ea6d5 Results from VT: https://gist.githubusercontent.com/mattifestation/7027c1ff29d699d69b87ad564d0ea6d5/raw/b14dd5eb8f187b92f91e277a137952be93ad4d7d/output.txt

"从 ELAM 驱动中提取杀软证书信息︰ https://t.co/1E0F6vkC5Z "