Hello, welcome to the Tuesday, May 14th, 2019 edition of the San San Bernard Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from San Diego, California.

A few weeks ago, developers patched a use-after free vulnerability in the Linux kernel that could lead to remote command

execution using some specifically crafted TCP packets. Details regarding this

vulnerability hadn't been released until now apparently it does affect the RDS TCP

Kill socket implementation.

Now it's usually a use of to clean up the namespace after a connection is being terminated.

Not terribly clear how this would be exploited, it's also not really likely to be exploited

according to the release and there is no proof of concept available at this point.

So I wouldn't very too much about it, apply patches as they come out.

Any Linux kernel before 508 is likely vulnerable.

And if we got two new vulnerabilities in Cisco's iOS XE.

Now the first one of these vulnerabilities is sort of your standard web application vulnerabilities.

A user that's logged in as administrator to the web UI is able to execute arbitrary code as root on the device.

Even the administrator isn't really supposed to do this.

Now, and what makes this sort of a big deal is the second vulnerability.

The second vulnerability allows a user logged in to the device as a route to actually

bypass the Cisco Trust Anchor module.

Also known as TAM, this proprietary hardware security module is in charge of actually making

sure that the firmware

then being loaded on the device as its boot is authentic.

But apparently Cisco didn't implement this module correctly, so the result is that a root

...