14 matches found
Image files in UEFI can be abused to modify boot behavior
Overview Implementations of the Unified Extensible Firmware Interface (UEFI) by vendors provide a way to customize the logo image displayed during the early boot phase. Binarly has uncovered vulnerabilities in the image parsing libraries that provide this capability. An attacker with local privileged access...
Vulnerability Research Highlights 2021
At SonarSource we are constantly improving our code analyzers to help developers write Clean Code. The detection of severe code vulnerabilities plays an important role in this process so that applications are protected from attacks and security breaches. For this same reason, our research team...
IoT riddled with BadAlloc vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected "things". The numbe...
New HTTP/2 vulnerabilities disclosed, allowing attackers to trigger a DoS attack against an unpatched server - vulnerability warning - the black bar safety net
According to foreign media reports, security researchers recently disclosed eight vulnerabilities in the HTTP/2 protocol that allow attackers to trigger a denial-of-service (DoS) attack against unpatched servers that support HTTP/2 communication. It is reported that these vulnerabilities allo...
Ruby: Resolv::getaddresses bug that can be abused to bypass security measures.
Description Resolv::getaddresses is OS-dependent; by supplying different IP address formats, one can make it return blank values. This bug can be abused to bypass exclusion lists often used to protect against SSRF.

| 💻 Machine 1 | 💻 Machine 2 |
|--------------|---------------|
| ruby 2.3.3p222... |
STARTTLS plaintext command injection vulnerability
Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...
KAME project IPv6 IPComp header denial of service vulnerability
Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173: IP payload compression is a protocol to reduce the size of ...
Shadow Utils useradd utility sets incorrect file permissions
Overview The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions. Description The Shadow Utilities provide tools to manage user accounts. When a new mailbox is created using the useradd utility, the open function does not receive the expected...
Icecast vulnerable to buffer overflow via long GET request
Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending an overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...
ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vulnerability
ENTERCEPT RICOCHET ADVISORY Date: Monday, August 12, 2002 Issue: Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vulnerability DETAILS: The ToolTalk component allows applications to communicate with each other via remote procedure calls (RPC) across different hosts and platforms. T...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encrypted connection program. Some...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
BIND T_NXT record processing may cause buffer overflow
Overview A vulnerability in BIND, repaired in version 8.2.2p5, allows remote attackers to execute code with the privileges of the process running named. This vulnerability was widely exploited from November 1999 to December 2000. Description There is a buffer overflow in the processing of NXT...
HyperTerminal Buffer Overflow Vulnerability
HyperTerminal Buffer Overflow Vulnerability USSR Advisory Code: USSR-2000055 Public Disclosure Date: October 18, 2000 Vendors Affected: Microsoft Corporation http://www.microsoft.com Hilgraeve, Inc. http://www.hilgraeve.com Systems Affected:...