Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
nerdculture.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;) No bots in general. Languages: DE, EN, FR, NL, ES, IT

Administered by:

Server stats:

1.1K
active users

nerdculture.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#atop

0 posts0 participants0 posts today
Continued thread
Public
Jan Schaumann

Details about CVE-2025-31160 (memory corruption in #atop) are now available here: github.com/Atoptool/atop/issue

In a nutshell: atop at startup connects to local (non-privileged) TCP port 59123 where it expects certain data; if a regular user listens on that port, it can feed data to the next invocation of atop that can corrupt it.

The fix (github.com/Atoptool/atop/commi) is primarily "don't do that" with some attempt at better parsing of the untrusted data (by adding return code checking of `sscanf`).

GitHubHeap issues resulting in heap corruption and segmentation fault (CVE-2025-31160) · Issue #334 · Atoptool/atopBy Atoptool
Public
alip

I've just installed #atop on #sydbox #ctf server in case people want to explore exploiting the recent heap corruption. I don't trust jia tan enough to leave atop.service running as root though so the attack vector is limited. Sail with #ssh to syd.chesswob.org (user/pass: syd) or go to syd.chesswob.org although the #nodejs client is a bit more limited. See here for the #security issue, openwall.com/lists/oss-securit (tl;dr uninstall #atop asap!) and here for #sydbox #ctf ctftime.org/event/2178

syd.chesswob.orgSydB☮x CTF Server
Replied to Flippin' 'eck, Tucker!
Public
JdeBP

@losttourist

Might be excessive.

The #atop used in #FreeBSD is a different one to the one used by Linux distributions (& #NetBSD/#OpenBSD have no atop in ports/packages at all).

FreeBSD sysutils/atop in the ports tree uses a FreeBSD codebase maintained by Alex Samorukov. It has no kernel module/atopacctd.

freshports.org/sysutils/atop/

github.com/samm-git/atop-freeb

Arch/Debian instead track Gerlof Langeveld's atoptool, which has a kernel module/BPF hooks & an atopacctd.

packages.debian.org/source/sta

freshports.orgFreshPorts -- sysutils/atop: ASCII Monitor for system resources and process activityAtop is an ASCII full-screen performance monitor that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks, and network layers, and for every active process it shows the CPU utilization, the memory growth, priority, username, state, and exit code.
ExploreLive feeds
About