SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerability
Jul 3, 2025
Local users can exploit a vulnerability in the Linux sudo command to gain root access, raising significant security concerns. The podcast also delves into polymorphic zip files, which can yield different data during extraction, depending on the tool used. Additionally, there's a critical flaw in Cisco's Unified Communications Manager that allows attackers to access devices using unchangeable default credentials. These discussions emphasize the importance of patching and understanding security vulnerabilities in modern software.
Sudo chroot Privilege Escalation
- Any local user can exploit a sudo vulnerability using the chroot option to gain root privileges.
- This risk exists regardless of any sudo rules configured for the user, making it extremely critical.
Polymorphic ZIP Archive Behavior
- ZIP files with corrupted directory records can extract different contents depending on the extraction tool.
- This inconsistency allows attackers to hide or alter file contents from different victims.
Mitigate ZIP File Parsing Risks
- Use one consistent ZIP parsing implementation across every stage that handles an archive, so a scanner and an extractor cannot disagree about its contents.
- Avoid extracting or parsing ZIP files where directory records conflict to prevent exploitation.
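A defender-side check for the conflicting-directory-records case described above, added here as an example and not code from the episode: it builds a constructed one-entry archive, optionally rewrites the local file header's filename so it no longer matches the central directory, and then compares every central-directory entry against the local header it points at before anything is extracted. The `build_sample_zip` and `find_header_conflicts` names are this example's own.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
LOCAL_FMT = "<4xHHHHHIIIHH"  # fixed 30-byte part of a local file header (APPNOTE 4.3.7)

def build_sample_zip(tamper: bool) -> bytes:
    """Constructed sample archive (not from the episode). With tamper=True the local
    header's filename is overwritten so it disagrees with the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("hello.txt", b"benign content\n")
    data = bytearray(buf.getvalue())
    if tamper:
        # filename starts at offset 30 of the first local header; same length keeps offsets intact
        data[30:30 + len("hello.txt")] = b"evil!.txt"
    return bytes(data)

def find_header_conflicts(data: bytes) -> list[str]:
    """Compare each central-directory entry with the local file header it points at.
    Returns human-readable conflicts; an empty list means both views of the archive agree."""
    conflicts = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for cd in zf.infolist():
            off = cd.header_offset
            if data[off:off + 4] != LOCAL_SIG:
                conflicts.append(f"{cd.filename}: no local header at offset {off}")
                continue
            _, flags, method, _, _, crc, csize, usize, nlen, _ = struct.unpack_from(LOCAL_FMT, data, off)
            enc = "utf-8" if flags & 0x800 else "cp437"
            name = data[off + 30:off + 30 + nlen].decode(enc, "replace")
            if name != cd.filename:
                conflicts.append(f"name: central={cd.filename!r} local={name!r}")
            if method != cd.compress_type:
                conflicts.append(f"{cd.filename}: method central={cd.compress_type} local={method}")
            # with bit 3 set, CRC and sizes live in a trailing data descriptor, not the local header
            if not flags & 0x8:
                if crc != cd.CRC:
                    conflicts.append(f"{cd.filename}: crc central={cd.CRC:#x} local={crc:#x}")
                if (csize, usize) != (cd.compress_size, cd.file_size):
                    conflicts.append(f"{cd.filename}: sizes central={(cd.compress_size, cd.file_size)} local={(csize, usize)}")
    return conflicts

if __name__ == "__main__":
    for tamper in (False, True):
        print("tampered" if tamper else "clean", find_header_conflicts(build_sample_zip(tamper)))
```

An archive that reports any conflict should be quarantined rather than extracted, since different tools may legitimately pick either record.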