Security News

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

Full Disclosure - 4 February, 2024 - 03:12

Posted by Qualys Security Advisory via Fulldisclosure on Feb 04

Qualys Security Advisory

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

Research about usage & possible issues of the NVD

Full Disclosure - 4 February, 2024 - 03:11

Posted by Andreas Hammer on Feb 04

Hello there!

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:

https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/

The...

TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

Full Disclosure - 4 February, 2024 - 03:11

Posted by malvuln on Feb 04

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the...

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

Full Disclosure - 4 February, 2024 - 03:11

Posted by Egidio Romano on Feb 04

------------------------------------------------------------
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the...

NULL pointer dereference in the function handle_viminfo_register() of vim

Full Disclosure - 4 February, 2024 - 03:09

Posted by Christian Brabandt on Feb 04

Meng Ruijie wrote:

Meng,

This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853

I have no idea, why this issue is worth a CVE, because if an attacker
can modify your .viminfo file to make Vim crash, he already has the
possibilities to do much more harm directly. So I don't think this is
particular useful CVE. I'd also like to dispute this.

Thanks,
Christian

Re: Buffer Overflow in graphviz via via a crafted config6a file

Full Disclosure - 27 January, 2024 - 17:03

Posted by Matthew Fernandez on Jan 27

More specifically, this issue is an out-of-bounds read.

AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
issue), but there has been no release yet since then. The next release
will be 10.0.0. So affected versions would be [2.36, 10.0.0).

To exploit this issue, you need to modify a...

CVEs based on commit messages

Full Disclosure - 27 January, 2024 - 17:03

Posted by Mark Esler on Jan 27

Dear Meng Rujie,

In regards to your recent FD posts, are you requesting CVEs based on the
presence of strings in commit messages such as "null pointer dereference"?

Are you reaching out to each upstream project before assigning a CVE? Do
you believe that every null pointer bug is a vulnerability? What impact
are you hoping to achieve?

Please reconsider how you are requesting CVEs.

CVE assignment based on commit message allows...

Re: null pointer deference in nano via read_the_list()

Full Disclosure - 27 January, 2024 - 17:03

Posted by Mark Esler on Jan 27

Hi Meng,

In your recent mass posts to FD, are you reporting vulnerabilities or
bug reports which have words like "segfault" in the title? What benefit
do you see this having? Have you spoken to each upstream project before
requesting a CVE be assigned?

Thank you,
Mark Esler

Re: NULL pointer dereference in freedesktop Mesa via check_xshm()

Full Disclosure - 27 January, 2024 - 17:01

Posted by Dan Cross on Jan 27

I find it very difficult to believe that every NULL pointer error in
existence is a security vulnerability.

- Dan C.

Re: Null pointer dereference in Xedit

Full Disclosure - 27 January, 2024 - 17:01

Posted by Alan Coopersmith on Jan 27

I will be asking that this CVE be withdrawn on behalf of the X.Org security team.

While it is a low-priority bug, we did not see any security exposure
when this bug was first brought to our attention because there is no
way for an attacker to change the contents of the lisp.lsp file or to
cause a *.lsp file to be loaded for another user.

The bug report states "replace /usr/local/lib/X11/xedit/lisp/lisp.lsp with
the attached version,"...

Buffer overflow in Sane

Full Disclosure - 26 January, 2024 - 10:11

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the init_options() function.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
sane

[Affected Product Code Base]
sane - 1.2.1

[Reference]
https://gitlab.com/sane-project/backends/-/issues/709

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46052 to this
vulnerability.

null pointer deference in tex-live

Full Disclosure - 26 January, 2024 - 10:11

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference existed in tex-live v.944e257 via a crafted file to the texk/web2c/pdftexdir/tounicode.c
function.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
tex-live

[Affected Product Code Base]
tex-live - 944e257

[Reference]
https://tug.org/pipermail/tex-live/2023-August/049406.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned...

null pointer deference in MiniZinc via a crafted Preferences.json file

Full Disclosure - 26 January, 2024 - 10:11

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
MiniZinc

[Affected Product Code Base]
MiniZinc - 2.7.6

[Reference]
https://github.com/MiniZinc/libminizinc/issues/729

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this...

Re: 0xC15A: Secure By Design and Secure by Default

Daily Dave - 26 January, 2024 - 10:05

Posted by Christian Heinrich via Dailydave on Jan 26

Telsh,

The CISA responded to their draft deliverable on 29 November 2023
(Page 15) and have agreed to implement its recommendations by 31
October 2024, 30 May 2025 (Page 12) and 30 September 2025 (Page 13)

The page numbers above of
https://www.oig.dhs.gov/sites/default/files/assets/2024-01/OIG-24-09-Jan24.pdf

Secure By Default Part 2

Daily Dave - 19 January, 2024 - 16:06

Posted by Dave Aitel via Dailydave on Jan 19

So I wrote a little draft essay on Secure By Default and opened it for
comment. I think one thing that we maybe forget in our community is that
some of the more fundamental basises of what we do never make it up to
policy-world. Langsec being the primary example. But also there's a huge
body of work in TAOSSA, Shellcoders, every offensive conference talk, etc.
that never gets put into context anywhere but in our clique.

Obviously feel free...

Re: 0xC15A: Secure By Design and Secure by Default

Daily Dave - 19 January, 2024 - 15:59

Posted by telsh via Dailydave on Jan 19

Hey everybody,

Please note the last sentence on page 3:
"The scope of our audit was efforts during fiscal years 2019 through 2022"

Not being a fanboy of CISA, I see that quite a lot of (positive) things
have happened in the last 2 years there.

And publishing a report for that timeframe in January 2024 puts the OIG
in a questionable light regarding agility and speed.

Just my 0.02 €...
telsh

Re: 0xC15A: Secure By Design and Secure by Default

Daily Dave - 19 January, 2024 - 10:18

Posted by Christian Heinrich via Dailydave on Jan 19

Dave,

https://www.oig.dhs.gov/sites/default/files/assets/2024-01/OIG-24-09-Jan24.pdf
reached a different conclusion.

0xC15A: Secure By Design and Secure by Default

Daily Dave - 12 January, 2024 - 16:40

Posted by Dave Aitel via Dailydave on Jan 12

So I have a ton of thoughts on the CISA Secure by Design and Secure by
Default push that is ongoing, as I am sure many of you do. And the first
thought is: This is not a bad way to go about business as a government
agency in general. I think it's easy to ignore how fast the USG has changed
its business practices, showing an agility that few large organizations can
match. In particular using Secure By Design as a case example.

1. Massive...

Re: Leverage

Daily Dave - 27 December, 2023 - 14:45

Posted by Jason Syversen via Dailydave on Dec 27

I’m in! I’ve spent a bunch of time on this topic, from the mechanical (donor advised funds, supporting organizations,
tax law, etc.), theoretical (“effective altruism”, 80,000 hours, books on giving strategy, etc.) and practical (served
at probably a dozen charities now in various roles, donor strategies, measuring impact, etc.) AMA!

It’s fun as a hacker to use that mindset to effect a different kind of system change. And much more...

Leverage

Daily Dave - 27 December, 2023 - 13:40

Posted by Dave Aitel via Dailydave on Dec 27

So we know a lot of people who've gone into Big Corpo or sold a company or
just worked hard and gotten lucky and happen to be richer than the average
bear. And while a lot of those people put their money into nice things,
nothing wrong with that, a lot of them also try to use that money to change
the world, and then they find out it's harder to change the world with
money than it is with an exploit. And I know a lot of people who say...
Syndicate content