CVE-2023-42465: SUDO Affected by Stack/Register Flaw, OpenSSH, OpenSSL, and MySQL are Vulnerable
securityonline.info/cve-2023…
#CVE, #analysis
———
@islemolecule_source
Exploiting the Linux kernel cls_tcindex network traffic classifier (CVE-2023-1829): an excellent writeup by Vu Thi Lan (@lanleft_)
https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/…
#CVE_analysis
In less than a couple of days, the first fixes for the 0-days discovered at the Pwn2Own Vancouver 2024 hacker competition rolled out.
The first deals with an out-of-bounds (OOB) write (CVE-2024-29943) leading to remote code execution, and the second with a Mozilla Firefox sandbox escape via an untrusted function (CVE-2024-29944).
Mozilla says the first vulnerability could allow attackers to access a JavaScript object out of bounds by exploiting range-based bounds-check elimination on affected systems.
An attacker was able to perform an out-of-range read or write on a JavaScript object by abusing the elimination of range-based bounds checks.
The second flaw is described as privileged execution of JavaScript via event handlers, which could allow an attacker to execute arbitrary code in the parent process of the Firefox Desktop web browser.
Mozilla has fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1, blocking potential remote code execution attacks that target unpatched browsers.
The speed is certainly encouraging, especially considering that after a Pwn2Own competition vendors are usually in no hurry to release fixes, counting on the 90-day delay before Trend Micro's Zero Day Initiative discloses the bugs publicly.
In addition to Mozilla Firefox, the researcher also successfully targeted Apple Safari, Google Chrome and Microsoft Edge, whose vendors are now analyzing the root causes and preparing their patches.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943
Mozilla: Security Vulnerabilities fixed in Firefox 124.0.1
"The Open Source Problem"
You have software on your machine right now that is running code from one of many similar "suspicious" accounts.
https://cybersecpolitics.blogspot.com/2024/04/the-open-source-problem.html
#CVE-2024-3094
A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit
We were analyzing an in-the-wild V8 vulnerability, CVE-2023-2033. Once we exploited the bug, it was not difficult to get typical exploit primitives such as addrof, read and write in the V8 heap. The problem is that we need to escape the V8 sandbox in order to get code execution.
https://blog.theori.io/a-deep-dive-into-v8-sandbox-escape-technique-used-in-in-the-wild-exploit-d5dcf30681d4
#CVE-2023-2033, #cve_analysis
Exploiting an io_uring Vulnerability in Ubuntu
https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/
#cve_analysis, #linux_internals, #CVE-2024-0582
This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over two months, making it an easy 0day vector in Ubuntu during that time.
A series on virtualization technologies and the internals of various solutions (QEMU, Xen and VMware)
Credit: @LordNoteworthy
[ 0 ] Intro: Virtualization Internals Part 1 - Intro to Virtualization
[ 1 ] VMware: Virtualization Internals Part 2 - VMware and Full Virtualization using Binary Translation
[ 2 ] Xen: Virtualization Internals Part 3 - Xen and Paravirtualization
[ 3 ] QEMU: Virtualization Internals Part 4 - QEMU
———
Related posts:
[ 0 ] Writing a simple 16-bit VM in less than 125 lines of C
[ 1 ] Write your Own Virtual Machine
[ 2 ] Notes on VM and QEMU escape exploits
[ 3 ] Notes on VMware escape exploits by version
[ 4 ] Unpack VMProtect
#VM, #cve_analysis, #VM_internals
———
https://t.iss.one/Source_byte
Techniques Learned from the XZ Backdoor
https://medium.com/@knownsec404team/techniques-learned-from-the-xz-backdoor-74b0a8d45c30
#cve, #CVE_2024_3094
The IFUNC feature of GLIBC
Concealing characters using Radix Tree
Obtaining all dependency information
Hooking Functions from Other Dependency Libraries
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
#cve #Exp #browser
Getting RCE in Chrome with incorrect side effect in the JIT compiler
https://github.blog/2023-09-26-getting-rce-in-chrome-with-incorrect-side-effect-in-the-jit-compiler/
#cve #Exp #browser
In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.