IoT riddled with BadAlloc vulnerabilities

Credit to Author: Pieter Arntz| Date: Fri, 30 Apr 2021 12:05:56 +0000

A set of memory allocation vulnerabilities, dubbed BadAlloc, has been found in a massive number of IoT and OT devices.

Categories: Reports

Tags:

(Read more…)

The post IoT riddled with BadAlloc vulnerabilities appeared first on Malwarebytes Labs.

Read more

SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Credit to Author: SSD / Ori Nimron| Date: Sun, 02 Dec 2018 13:08:59 +0000

Vulnerabilities Summary QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework use by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the graphics operations are run in a separate process. On macOS, the process is WindowServer and on iOS the name is backboardd. Both of … Continue reading SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Read more

SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Sun, 04 Feb 2018 12:03:20 +0000

Vulnerabilities summary The following advisory describes 12 (twelve) vulnerabilities found in Python Bytecode Disassembler and Decompiler (pycdc). Python Bytecode Disassembler and Decompiler (pycdc) “aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support … Continue reading SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Read more

SSD安全公告–GraphicsMagick多个漏洞

Credit to Author: SSD / Maor Schwartz| Date: Tue, 21 Nov 2017 08:58:38 +0000

漏洞概要 以下安全公告描述了在GraphicsMagick中发现的两个漏洞。 GraphicsMagick是“图像处理方面的瑞士军刀。 基础包中的源码共有267K行(根据David A. Wheeler统计),它提供了强大而有效的工具和库,支持读,写超过88种主要图像处理格式,包括DPX,GIF,JPEG,JPEG-2000,PNG,PDF,PNM和TIFF等重要格式。 在GraphicsMagick中发现的两个漏洞是: 内存信息泄露 堆溢出 漏洞提交者 一位独立的安全研究人员Jeremy Heng(@nn_amon)和Terry Chia(Ayrx)向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 厂商已经发布了这些漏洞的补丁(15237:e4e1c2a581d8 and 15238:7292230dd18)。获取更多信息: ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt 漏洞详细信息 内存信息泄露 GraphicsMagick易受到magick/describe.c文件的DescribeImage函数中存在内存信息泄露漏洞影响。 负责打印包含的IPTC配置文件信息的图像中的这一部分代码存在漏洞。 该漏洞可以通过特制的MIFF文件触发。 存在漏洞的代码路径如下: [crayon-5a14a6571e4e8110629866/] profile_length变量中的值在MIFF头中的profile-iptc = 8字段设置 当访问profile [i]时,因为不检查i的值,所以会出现越界访问。 如果断在describe.c第738行,在执行strncpy操作的时候我们可以获取到堆中的内容。 [crayon-5a14a6571e4f3204539767/] 0x08000a001c414141是我们植入MIFF文件中的payload。 [crayon-5a14a6571e4f8559265142/] 检查与payload相邻的值0x00007ffff690fba8,发现它其实是libc中main_arena结构中的一个地址。 [crayon-5a14a6571e4fc975205403/] 现在我们可以计算到libc base的偏移量 – 0x3c4b98 漏洞证明 $ python miff/readexploit.py [+] Starting local process ‘/usr/bin/gm’: pid … Continue reading SSD安全公告–GraphicsMagick多个漏洞

Read more

SSD Advisory – GraphicsMagick Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Tue, 31 Oct 2017 17:25:29 +0000

Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and … Continue reading SSD Advisory – GraphicsMagick Multiple Vulnerabilities

Read more

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:47:48 +0000

Vulnerability Summary The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. Credit An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address … Continue reading SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Read more

SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Tue, 23 May 2017 06:41:53 +0000

Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and … Continue reading SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities

Read more