Pi-Hole Remove Commands Linux Privilege Escalation

-
Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

from Packet Storm https://ift.tt/3fd99T8

Comments

Post a Comment

Popular posts from this blog

Modern Radio Receiver Architecture: From Regenerative to Direct Conversion

-
Image
Modern radio receivers have a distinct advantage over the common early designs which I covered in my previous article . Most of the receivers you will have worked with over the past couple decades are designs by Edwin Armstrong ; regenerative, superregenerative, or most commonly superheterodyne. These are distinguished by a few fascinating key traits that bring both benefits and drawbacks. Today let’s dive into Mr. Armstrong’s receivers. I’ll also talk about DC receivers which, despite the name, are not made to listen to batteries. These are receivers you are much more likely to encounter in modern equipment. Regenerative and Superregenerative The regenerative receiver is all about doing more with less. You still see some of these in simple applications like RF remote controls. The idea derives from how an oscillator works. In a simple way of thinking, an oscillator is an amplifier with enough positive feedback that any tiny signal at the right frequency will amplify and then, throu...
Get this one»

Build this Cyberdeck in a Cave with a Box of Scraps

-
Image
Desktop 3D printing has been a big enabler for the cyberdeck community, as it’s allowed individuals to create unique frames and enclosures which would have been far more difficult and time consuming to produce using traditional methods. But what if you don’t have access to a well-stocked workspace, and need to do your building with the bare minimum of equipment? In that case, [ALX] recently put together a minimalistic design that can be assembled with off-the-shelf components and basic tools. It’s the ideal cyberdeck for the neophyte, as all the parts are widely available and relatively inexpensive. While it might not be a customized as something with a fully 3D printed frame, we think it nails the look and utility that are the hallmarks of a proper deck. The key to this build is the SmartiPi Touch case, which puts the Raspberry Pi and touch screen on a hinged panel. These hinges happen to be compatible with GoPro-style mounts, so with a few extension pieces, the panel can be lifted...
Get this one»

Join the Movement with this Mini Cyberdeck

-
Image
The global pandemic has given many people a lot more time at home, which has undoubtedly pushed an untold number of projects over the finish line. Unfortunately, it’s also disrupted global commerce and shipping to the point that getting parts can be a lot harder than we’d like. Which is why [facelesstech] decided to put together this exceptionally mobile cyberdeck out of things he already had laying around . Now to be fair, his parts bin is perhaps a bit better stocked for this kind of thing than most. He’s built a couple of Raspberry Pi portables already, so the Pi Zero W, display, and battery management board were already kicking around. He just had to come up with a new 3D printed enclosure that holds it all together with a little bit of cyberpunk flair. To that end, he’s done an excellent job of documenting the build and has released the STL files for the 3D printed components. All things considered, we’d say this is probably the most approachable cyberdeck design currently avail...
Get this one»