The OpenSSH client has a lot of very powerful features for tunneling applications through an SSH connection and is one of my favorite tools for quick-and-dirty network plumbing tasks. It can be very useful for fixing/bypassing connectivity issues (caused by NATs, firewalls) or accessing internal networks. This post is an overview of the different tunneling options available in OpenSSH. This is intended as a reference to use when I am explaining (every so often) how to use SSH for tunneling.
Arbitrary code execution through kitty-open.desktop file association
Meow meow
Published:
In the Debian kitty package, the kitty-open.desktop file would associate kitty +open with several MIME types. This could be used to trigger arbitrary code execution by serving a file with such a MIME type.
This was introduced in kitty in 73a197fcd (2022-02-06), released as part of v0.24.3. This has been fixed in v0.26.5-5 of the Debian kitty package. Fixed upstream in 537cabca7, released in v0.29.0. Other distributions such as Ubuntu Lunar are still impacted.
Shell command and Emacs Lisp injection in emacsclient-mail.desktop
Published:
Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entries (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto: URI.
Arbitrary file write in Stellarium file association
Published:
I found an arbitrary file write vulnerability (through path traversal) which would be exploited for arbitrary code execution in Stellarium (desktop version).
Using a Kap&Link smart card reader with CPS3 smart cards on Linux
Published:
Tutorial on how to get Carte Professionnel de Santé 3 (CPS3) smart cards to work with Firefox under Linux with a Kap&Link smart card reader. It has some information to understand the related lingo, how the different components interact and how you might try to enable support for a PC/SC (Personal computer/Smart Card) / CCID (Chip/Smart Card Interface Devices) smart card reader which is not supported by the driver.