Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel

Author: Alexander Popov, Positive Technologies. CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP. Today I gave a talk at Zer0Con 2021 on this topic (slides). I like this exploit. The race condition can be …

CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. I gave a talk at OffensiveCon 2020 about it (slides). Here I’m going to describe a PoC exploit for x86_64 that gains local privilege escalation from the kernel thread context (where the userspace is not …

Apple fixed firmware vulnerability found by Positive Technologies

The vulnerability allowed exploiting a critical flaw in Intel Management Engine and still can be present in equipment of vendors that use Intel processors. Apple released an update for macOS High Sierra 10.13.4, which fixes the firmware vulnerability CVE-2018-4251 found by Positive Technologies experts Maxim Goryachy and Mark Ermolov. For more details, see Apple Support. Maxim Goryachy notes: “The vulnerability allows an attacker with administrator …

Intel fixes vulnerability found by Positive Technologies researchers in Management Engine

Intel has issued a security advisory and released a patch for a vulnerability discovered in Intel ME by Positive Technologies researchers Mark Ermolov and Maxim Goryachy. Intel has also published a downloadable detection tool so that administrators of Windows and Linux systems can determine whether their hardware is at risk. Intel Management Engine is a proprietary dedicated microcontroller integrated into the Platform Controller Hub (PCH) …

A major flaw in a popular encryption library undermines security of millions of crypto keys

Source: crocs.fi.muni.cz. An international IT security team of researchers from Britain, Slovakia, Czech Republic, and Italy found a critical vulnerability in the popular encryption library RSA Library v1.02.013 by Infineon. Weak factoring mechanism results in attackers obtaining secret crypto keys and using them for data breach and theft. This vulnerable library is used to ensure security of national ID maps in various countries and in …

New Apache Struts vulnerability allows remote code execution

A new security flaw detected in Apache Struts allows an unauthenticated attacker to execute arbitrary code on a vulnerable system. Although the Apache Software Foundation classified it as a medium severity vulnerability, Cisco has outlined a long list of its products in the Security Advisory that are affected by this flaw. Extent of the problem: the vulnerability is contained in the FreeMarker functionality of the …

Practical ways to misuse a router

Wi-Fi and 3G routers are all around us. Yet in just one recent month, approximately 10 root shell and administrator account vulnerabilities in home internet devices came to light. And access to tens of millions of IoT devices—routers, webcams, and other gadgets—is available to anyone willing to pay $50 for a shodan.io paid account. At the same time, developers and vendors of these devices tend …

Positive Technologies expert helps to fix vulnerability in Viber for Windows

Viber has fixed a vulnerability in the company’s Windows client found by a group of security experts, which included a Positive Technologies researcher. This security bug enabled attackers to steal data needed for user authentication in Windows. Users urged to update to Viber version 6.7.2. “In essence, when a link resembling http://host/img.jpg is sent during a chat, Viber would first load it as the client …

Protecting the Perimeter: Old Attacks Work Just as Well as New Ones

When we think about external threats to information security, often our first thoughts are of hacker attacks on the network perimeter—say, advanced persistent threats (APTs) targeting large companies and governments. One example is the compromise of the Equation Group with publication of some of the group’s tools for breaching the network perimeter. But as it turns out, many of the exploits have been known for …

Web Application Vulnerabilities-2016: Users Unprotected

Modern web technologies allow businesses to solve organizational issues cost-effectively and efficiently and demonstrate their services and products to a wide range of audiences through the Internet. However, attackers may exploit websites as an easy access point to company infrastructure. This can cause financial and reputational damage, and despite well documented incidents involving compromised security, developers and administrators still pay little attention to the security …