glibc – WindowsTechs.com

Does libc security vulnerabilities in a python web application are actually exploitable in a private cloud environment

Posted on August 6, 2024 by Brogrammer

We use a python web framework and gunicorn on top of docker to power a web application with frontend in a private cloud that can be accessed by a private network. Our security tools reports a lot of libc vulnerabilities for the debian base… Continue reading Does libc security vulnerabilities in a python web application are actually exploitable in a private cloud environment→

Why isn’t LD_PRELOAD disabled by default in Linux?

Posted on May 15, 2024 by Egor Sozonov

The Linux dynamic linker includes a mechanism of dynamically loading arbitrary code into every process using the LD_PRELOAD environment variable and the /etc/ld.so/preload file. This sounds dangerous and is dangerous. As a recent example, … Continue reading Why isn’t LD_PRELOAD disabled by default in Linux?→

Bash deletes null bytes in exploit input for ROP/returntolibc

Posted on March 30, 2024 by germphjd

I am trying to do a returntolibc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing to accept my payload, but bash keeps d… Continue reading Bash deletes null bytes in exploit input for ROP/returntolibc→

This Week in Security: Glibc, Ivanti, Jenkins, and Runc

Posted on February 2, 2024 by Jonathan Bennett

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …read more Continue reading This Week in Security: Glibc, Ivanti, Jenkins, and Runc→

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i/house-of-force-ii
… Continue reading Questions on GLIBC Heap Exploitation (House of Force)→

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it

Posted on December 3, 2023 by Roman Grazhdan

I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical… Continue reading Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it→

Where do stack pointer differences to stack base originate from on Linux?

Posted on February 15, 2023 by milck

Let’s assume we have this simple program:
void main() {
int x;
printf("%p", &x);
}

Assuming the stack is mapped something like this:
0x007ffffffdd000 0x007ffffffff000 0x00000000000000 rw- [stack]

I might get an outp… Continue reading Where do stack pointer differences to stack base originate from on Linux?→

Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?

Posted on July 3, 2022 by Anthony

According to docs:

To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …

and

In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?→