mastodon.zunda.ninja
Cool bug
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses in #curl results in indeterminate SSRF #vulnerabilities.
Security Vulnerability of HTML Emails
This is a newly discovered email vulnerability:
The email your manager received and forwarded to you was something completely innocent, such as a potential cust... https://www.schneier.com/blog/archives/2024/04/security-vulnerability-of-html-emails.html
I doubt that many of my followers are familiar with Xunlei Accelerator, this application being mostly used in China. I came across it due to its popular Chrome extension with 28 million users. I looked into the security of this application and… security? What security?
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
An overview:
· Program installation directory writable by any user.
· The built-in browser is based on a three-year-old Chromium.
· That browser exposed a powerful internal API to arbitrary websites (⇨ code execution among others).
· This browser could also be opened by any website loaded in the user’s regular browser, without any user interaction.
· XSS vulnerabilities in the display of messages in the main application, despite using React (⇨ code execution).
· Electron’s renderer sandboxing is effectively rendered ineffective.
· Local webserver using “authentication” based on a “secret” hardcoded string.
· Plugin installation can be triggered by any website (⇨ code execution).
· Plugin list downloads via insecure HTTP connection (⇨ code execution).
· Rudimentary HTTP client used in some places, with memory safety issues and recognizing exactly two server responses.
· Tons of outdated third-party code, including (but not limited to) a two-year-old FFmpeg, a twelve-year-old libpng and an eight-year-old zlib.
The vendor fixed the most obvious ways to exploit these issues. With the communication being spotty to say the least, I don’t know whether they plan to do more.
#curl 8.0.0 will include 6 security fixes. Out of these 6 #vulnerabilities I found 5 and this brings my total to 24 found from curl. In case you're wondering: I don't consider curl to be exceptionally vulnerable, in fact I consider curl one of the most robust pieces of software I've seen. Offering good #bounties is a great motivation for bug hunting.
“It’s #axiomatic that any system preying upon the #vulnerabilities of the many, to profit the few, is both a #moral and #ethical #atrocity. #Capitalism embodies such a #system.”
My new #post is up over at Ian Welsh’s incredible #blog. I’m #grateful he lets me post my ramblings there. Let me know what you think!
Today we released updates for a series of #vulnerabilities termed 'There's a hole in the boot' / BootHole in GRUB2 that could allow an attacker to subvert UEFI Secure Boot. Learn more here. #security #CVE