SSD Advisory – Firefox JavaScript Type Confusion RCE

Credit to Author: SSD / Ori Nimron| Date: Sun, 14 Oct 2018 12:00:10 +0000

Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE CVE-2018-12386 Credit Independent security researchers, … Continue reading SSD Advisory – Firefox JavaScript Type Confusion RCE

Read more

SSD Advisory – Firefox Information Leak

Credit to Author: SSD / Ori Nimron| Date: Tue, 09 Oct 2018 08:55:15 +0000

Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Vendor Response “Security vulnerabilities … Continue reading SSD Advisory – Firefox Information Leak

Read more

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Credit to Author: SSD / Ori Nimron| Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to … Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Read more

SSD Advisory – Android Printing Man in the Middle Attack

Credit to Author: SSD / Ori Nimron| Date: Tue, 02 Oct 2018 10:03:44 +0000

Vulnerabilities Summary Android 8.1 has introduced the new feature of a default printing service. This service, based on the very similar, freely available Mopria Alliance Print Service on the Google Play Store, suffers from a lack of validation which can lead to both man in the middle attacks and subsequent interception of print jobs, as … Continue reading SSD Advisory – Android Printing Man in the Middle Attack

Read more

SSD Advisory – IRDA Linux Driver UAF

Credit to Author: SSD / Ori Nimron| Date: Thu, 27 Sep 2018 11:23:40 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities in the Linux Kernel. By combining these two vulnerabilities a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 years, quite a few Long Term releases of Linux have them in their kernel. While the assessment of … Continue reading SSD Advisory – IRDA Linux Driver UAF

Read more

SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Credit to Author: SSD / Ori Nimron| Date: Thu, 20 Sep 2018 03:41:42 +0000

Vulnerabilities Summary An ASUSTOR NAS or network attached storage is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR … Continue reading SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Read more

SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Credit to Author: SSD / Ori Nimron| Date: Thu, 23 Aug 2018 10:57:33 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: Use the Graphical User Interface to manage the … Continue reading SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Read more

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Credit to Author: SSD / Ori Nimron| Date: Mon, 20 Aug 2018 06:00:52 +0000

Vulnerability Summary VirtualBox has a built-in RDP server which provides access to a guest machine. While the RDP client sees the guest OS, the RDP server runs on the host OS. Therefore, to view the guest OS the RDP client will make a connection to the host OS IP address rather than the guest OS … Continue reading SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Read more

SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Credit to Author: SSD / Ori Nimron| Date: Wed, 15 Aug 2018 05:26:28 +0000

Vulnerability Summary UAF vulnerability in Linux Kernel’s implementation of AF_PACKET leads to privilege escalation. AF_PACKET sockets allow users to send or receive packets on the device driver level, which lets them implement their own protocol on top of the physical layer or sniffing packets including Ethernet and higher levels protocol and higher levels of the … Continue reading SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Read more

SSD Advisory – Infiniband Linux Driver UAF

Credit to Author: SSD / Ori Nimron| Date: Thu, 02 Aug 2018 12:10:25 +0000

Vulnerability Summary A bug in the threads synchronization of Infiniband Driver can cause an Use After Free. A struct that is allocated and free’d by a thread, is accessible through a second thread. If the second thread is calling the function “idr_find” before the struct was free’d by the first thread, then he can still … Continue reading SSD Advisory – Infiniband Linux Driver UAF

Read more

SSD Advisory – LINE Corporation URI Handlers Remote Commands Execution

Credit to Author: SSD / Ori Nimron| Date: Sun, 29 Jul 2018 05:10:59 +0000

Vulnerabilities Summary LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. A user clicking on a specially crafted link, can use this vulnerability to cause the user to insecurely load an arbitrary DLL which can be used to cause arbitrary code execution. Vendor Response “We released version 5.8.0 … Continue reading SSD Advisory – LINE Corporation URI Handlers Remote Commands Execution

Read more