🗓️ 3 July 2025
⏱️ 5 minutes
0:00.0  Hello and welcome to the Thursday, July 3rd, 2025 edition of the SANS Internet Storm Center's
0:08.1  Stormcast. My name is Johannes Ullrich and this episode is brought to you by the SANS.edu
0:15.9  bachelor's degree program in Applied Cybersecurity and it is recorded in Berlin, Germany.
0:24.3  Well, sadly, to start out with, we do have a new vulnerability in the good old Linux command,
0:29.6  sudo.
0:30.8  This vulnerability was found by Rich Mirch with Stratascale.
0:36.3  It is relatively easy to exploit. Rich also, as part of his blog post, did provide a
0:43.3  proof of concept exploit for this particular vulnerability.
0:48.2  Patches have been made available for all current Linux distributions.
0:52.7  As far as I can tell, some of the older ones are actually
0:56.1  not vulnerable, as this particular vulnerability was introduced in a more recent version of
1:02.1  sudo. The problem with this vulnerability is the chroot option. Now, the "root" in
1:08.9  chroot, of course, has nothing to do with the root user.
1:11.9  It's meant to run the command in a more restricted environment.
1:16.6  The problem is that that may give the person running the command actually the ability to map
1:23.1  some files that the user may change to files that sudo will then use and execute,
1:31.3  and that's sort of really the problem that has to be addressed in the patch for this vulnerability.
1:39.3  Again, a proof of concept exploit is available, exploitation isn't all that difficult, and it's not 100% clear which exact version
1:47.4  and distribution is vulnerable or not vulnerable.
1:50.0  But in order to exploit the vulnerability, an attacker would just need to have access to any account on the system.
1:59.3  The attacker does not need to have access to an account
2:02.7  with some kind of restricted sudo privileges.
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.