Collaborate Disseminate
We use a Python web framework and gunicornlibrary on top of Docker to power a web application with a frontend in a private cloud that can be accessed by a private network. Our security tools report many libc vulnerabilities for the Debian-… Continue reading Are libc security vulnerabilities in a Python web application actually exploitable in a private cloud environment?
The Linux dynamic linker includes a mechanism of dynamically loading arbitrary code into every process using the LD_PRELOAD environment variable and the /etc/ld.so/preload file. This sounds dangerous and is dangerous. As a recent example, … Continue reading Why isn’t LD_PRELOAD disabled by default in Linux?
I am trying to do a returntolibc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing to accept my payload, but bash keeps d… Continue reading Bash deletes null bytes in exploit input for ROP/returntolibc
There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …read more Continue reading This Week in Security: Glibc, Ivanti, Jenkins, and Runc
This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i/house-of-force-ii
… Continue reading Questions on GLIBC Heap Exploitation (House of Force)
This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i/house-of-force-ii
… Continue reading Questions on GLIBC Heap Exploitation (House of Force)
This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i/house-of-force-ii
… Continue reading Questions on GLIBC Heap Exploitation (House of Force)
I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical… Continue reading Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it
Let’s assume we have this simple program:
void main() {
int x;
printf("%p", &x);
}
Assuming the stack is mapped something like this:
0x007ffffffdd000 0x007ffffffff000 0x00000000000000 rw- [stack]
I might get an outp… Continue reading Where do stack pointer differences to stack base originate from on Linux?
According to docs:
To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …
and
In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?