Blog post on why there is no such thing as a "root cause" in the context of complex systems failure.
The vulnerability that allowed the execution of arbitrary shell commands on the trunk server was introduced six years ago.
The article demonstrates with practical examples how insufficient user input validation leads to code execution vulnerabilities.
»BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.«
In this post, the author explains how he discovered a severe RCE in VMware vCenter and how an attacker can exploit it.