Author: sid

Posted on

[EN] VeeamVixProxy 0day (CVE-2015-5742)

Pasquale `sid` Fiorillo, Francesco `ascii` Ongaro from ISGroup, an Italian Security firm, and Antonio `s4tan` Parata from ush team, have released a critical security advisory for any version of Veeam Backup & Replication prior to 8 Update 3.

The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead to full Domain Administrator compromise of the affected infrastructures.

Veeam Software provides backup, disaster recovery and virtualization management software for the VMware and Hyper-V environments.

Posted on

[EN] PGP: merging subkeys and primary private key

Work dir

$ mkdir keys1
$ mkdir keys2

Export private key

$ cd keys1
$ gpg --export-secret-keys  | gpgsplit
$ cat * | gpg --list-packets

Get subkeys

$ cd keys2
$ cp /path/to/backup/with/subkeys/privatekey.pgp ./
$ cat privatekey.pgp | gpgsplit
$ cat * | gpg --list-packets

Assemble the new key

$ cd..
$ cat keys1/000001-005.secret_key keys1/000002-013.user_id keys1/000003-002.sig keys2/000006-007.secret_subkey keys2/000007-002.sig > finalkey.pgp

Import

$ gpg --delete-secret-and-public-keys 
$ gpg --import finalkey.pgp