HackDig : Dig high-quality web security articles for hackers

Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline

In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline 8.1 rc2, which has been fixed in the newest release. We use GDB and rr for time-travel debugging to deter
Publish At:2020-12-17 06:22 | Read:283 | Comments:0 | Tags:Breaking Misc disclosure fuzzing

VMware NSX-T MITM Vulnerability (CVE-2020-3993)

NSX-T is a Software-Defined-Networking (SDN) solution of VMware which, as its basic functionality, supports spanning logical networks across VMs on distributed ESXi and KVM hypervisors. The central controller of the SDN is the NSX-T Manager Cluster which is responsible for deploying the network configurations to the hypervisor hosts. This summer, I looked in
Publish At:2020-11-26 07:16 | Read:324 | Comments:0 | Tags:Breaking CVE-2020-3993 disclosure NSX-T VMware vulnerability

Vulnerabilities in GNU Readline Fixed

Recently I discovered some vulnerabilities in GNU Readline. These bugs have been fixed in GNU Readline version 8.1. The case of identifying the vulnerabilities was rather interesting. I wanted to fuzz another program and wrote a quick harness to test if my setup works. This test harness used GNU Readline to read input from stdin and passed the data along to
Publish At:2020-10-07 06:27 | Read:355 | Comments:0 | Tags:Breaking disclosure fuzzing

Unauthenticated File upload Vulnerability on Synology Sub-domain

In this post, you will learn how I found the unauthenticated file upload vulnerability in Synology and, according to Synology's highest amount for website security bounty. Start point: to be noted, before I found this bug, I had also found a bug in their hardware device, which I'll release soon. While performing the hardware devi
Publish At:2020-09-30 11:15 | Read:379 | Comments:0 | Tags:Disclosure Synology Security Synology vulnerability Unauthe

ERNW White Paper 69 – Safety Impact of Vulnerabilities in Insulin Pumps

With this blog post I am pleased to announce the publication of a new ERNW White Paper [1]. The paper is about severe vulnerabilities in an insulin pump we assessed during project ManiMed and we are proud to publish this subset of the results today. Manipulating Medical Devices The German Federal Office for Information Security (BSI), in its role as the Fed
Publish At:2020-09-11 09:06 | Read:525 | Comments:0 | Tags:Breaking disclosure ERNW white paper medical

Medical Device Security: HL7v2 Injections in Patient Monitors

Digital networking is already widespread in many areas of life. In the healthcare industry, a clear trend towards networked devices is noticeable, so that the number of high-tech medical devices in hospitals is steadily increasing. In this blog post, we want to elucidate a vulnerability we identified during the security assessment of a patient monitor. The d
Publish At:2020-05-03 08:57 | Read:1027 | Comments:0 | Tags:Breaking disclosure medical

Jenkins – Groovy Sandbox breakout (SECURITY-1538 / CVE-2019-10393, CVE-2019-10394, CVE-2019-10399, CVE-2019-10400)

Recently, I discovered a sandbox breakout in the Groovy Sandbox used by the Jenkins script-security Plugin in their Pipeline Plugin for build scripts. We responsibly disclosed this vulnerability; in the current version of Jenkins it has been fixed and the corresponding Jenkins Security Advisory 2019-09-12 has been published. In this blog post I want to report
Publish At:2019-09-20 12:15 | Read:1411 | Comments:0 | Tags:Breaking advisory Break Out disclosure vulnerability

DameWare Vulnerability

In the course of a recent research project, I had a look at SolarWinds DameWare, which is a commercial Remote Access Software product running on Windows Server. I identified a remote file download vulnerability in the download function for the client software that can be exploited remotely and unauthenticated and that allows downloading arbitrary files from the
Publish At:2016-10-06 15:45 | Read:4471 | Comments:0 | Tags:Insecurity Security DameWare Disclosure SolarWinds Vulnerabi

Ruckus Raucous: Finding Security Flaws in Enterprise-Class Hardware

Wireless routers designed for consumers often do not employ proper security practices. This topic was extensively covered in VERT’s 2014 report, “SOHO Wireless Router (In)security.” Our research revealed that 74% of the 50 top-selling consumer routers on Amazon shipped with security vulnerabilities, including 20 different models where the latest firmware from
Publish At:2016-08-03 13:00 | Read:16625 | Comments:0 | Tags:Featured Articles Security Awareness Vulnerability Managemen

The Internet of Toys: Child Safety and Public Disclosure

As Christmas approaches, like most parents and grandparents, I set off shopping with my wife to seek out suitable presents to drop into Santa’s sack for the festive season of giving. My granddaughter loves nothing more than to get her little hands on an iPad (on which she stabs around under supervision) to enjoy some of the rich entertainment hosted on
Publish At:2015-12-04 16:35 | Read:5628 | Comments:0 | Tags:Featured Articles Security Awareness Children disclosure Saf

R7-2015-17: HP SiteScope DNS Tool Command Injection

This is a vulnerability advisory for the HP SiteScope DNS Tool Command Injection vulnerability, made in accordance with Rapid7's disclosure policy. Summary Due to a problem with sanitizing user input, authenticated users of HP SiteScope running on Windows can execute arbitrary commands on affected platforms as the local SYSTEM account. While it is
Publish At:2015-10-09 21:05 | Read:4389 | Comments:0 | Tags:exploit disclosure hp sitescope

Security company sues to bar disclosure related to its own flaws

FireEye is a publicly traded security firm that regularly finds and reports vulnerabilities in Adobe Flash and Apple's iOS and Google's Android operating systems. But when security researcher Felix Wilhelm found five critical flaws in FireEye's Malware Protection System, the company sued to obtain an injunction barring the disclosure of some of the techn
Publish At:2015-09-11 14:50 | Read:3791 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab disclosure exp

Publication of OS X Yosemite Zero-Day Highlights Importance of Responsible Disclosure

A security researcher has published a zero-day vulnerability found in the newest versions of OS X Yosemite apparently out of protest to Apple’s irresponsible behavior when it comes to patching its software for vulnerabilities. In a post published on his blog (to which we have deliberately not provided a link for security reasons), researcher Stefan Esse
Publish At:2015-07-28 07:55 | Read:3373 | Comments:0 | Tags:Latest Security News Apple disclosure OS Yosemite

Responding to Third Party Vulnerabilities

We are now more than one year on from the release of Heartbleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to meet this new type of threat. It’s
Publish At:2015-06-18 17:40 | Read:3145 | Comments:0 | Tags:Security disclosure psirt security vulnerabilities

Vulnerability disclosure: the good and the ugly

By Cesar Cerrudo @cesarcer. I can't believe I continue to write about disclosure problems. More than a decade ago, I started disclosing vulnerabilities to vendors and working with them to develop fixes. Since then, I have reported hundreds of vulnerabilities. I often think I have seen everything, and yet, I continue to be surprised over and over again. I wro
Publish At:2015-06-09 10:35 | Read:3835 | Comments:0 | Tags:cesar cerrudo disclosure hacking security fixes software vul