Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario
Day[0] - En podcast af dayzerosec
Kategorier:
Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel. [00:00:32] On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://lore.kernel.org/linux-nfs/YH+zwQgBBGUJdiVK@unreal/ https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/ During this episode we speculated that the recent patches might be unrelated to the research. This seems to have been confirmed by U. Mn in an email we did not see before recording https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/ [00:15:18] Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective https://signal.org/blog/cellebrite-vulnerabilities/ [00:22:30] [Ubuntu] OverlayFS LPE https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/ [00:25:48] Synology DSM AppArmor synosearchagent misconfiguration https://talosintelligence.com/vulnerability_reports/TALOS-2020-1158 [00:28:22] [GitLab] RCE via unsafe inline Kramdown options https://hackerone.com/reports/1125425 [00:35:25] [Homebrew] Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps https://hackerone.com/reports/1167608 https://blog.ryotak.me/post/homebrew-security-incident-en/ [00:41:52] Remote code execution vulnerabilities in Cosori smart air fryer https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216 [00:48:54] Source engine remote code execution via game invites [CVE-2021-30481] https://secret.club/2021/04/20/source-engine-rce-invite.html [01:00:40] Discussion: Should programs be banned from Hackerone https://dayzerosec.com [01:08:54] [Nintendo|3DS] Buffer Overflow in Super Mario Maker level decompression https://hackerone.com/reports/687887 [01:15:12] PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219 [01:20:12] Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/ https://www.zerodayinitiative.com/blog/2021/4/22/cve-2021-20226-a-reference-counting-bug-in-the-linux-kernel-iouring-subsystem [01:31:21] Designing sockfuzzer, a network syscall fuzzer for XNU https://googleprojectzero.blogspot.com/2021/04/designing-sockfuzzer-network-syscall.html [01:37:26] gaasedelen/tenet: A Trace Explorer for Reverse Engineers https://github.com/gaasedelen/tenet [01:40:41] tmp.0ut https://tmpout.sh/1/ [01:44:35] Phœnix exploit / iOS 9.3.5 https://gist.github.com/Siguza/96ae6d6806e974199b1d44ffffca5331 [01:46:02] Experiences with Apple Security Bounty https://theevilbit.github.io/posts/experiences_with_asb/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the vide