Podcast Detail

SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9512.mp3

Podcast Logo
sudo problems; polymorphic zip files; cisco vulnerablity
00:00

Sudo chroot Elevation of Privilege
The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Polymorphic ZIP Files
A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files.
https://hackarcana.com/article/yet-another-zip-trick

Cisco Unified Communications Manager Static SSH Credentials Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

no transcript found