Search the Community
Showing results for tags 'ndaq'.
I wanted to cross post metux's discovery here asap, and have a separate discussion. Metux's original post: The recent Linux driver package introduces a CRITICAL security vulnerability: http://www.ni.com/download/ni-linux-device-drivers-2018/7664/en/ It adds additional yum/zypper repos, but explicitly disabling package signing and using unencrypted HTTP transport. That way, it's pretty trivial to completely takeover the affected systems, by injecting malicious packages. DO NOT INSTALL THIS BROKEN SOFTWARE - IT IS DANGEROUS ! CERT and BSI are already notified.