Tag Archives: rce

iOS 透過無線網路的 RCE...

Posted on April 4, 2017 by Gea-Suan Lin

在「About the security content of iOS 10.3.1」這邊的說明: Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Security, Software | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

MySQL 全系列的安全性漏洞

Posted on September 13, 2016 by Gea-Suan Lin

包含 MySQL 本家與所有從 MySQL 改出去的分支都中了,引用 Percona 的通報:「Percona Server Critical Update CVE-2016-6662」。 This is a CRITICAL update, and the fix mitigates the potential for remote root code execution. 原始的 security advisory 在「CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation … Continue reading

Posted in Computer, Database, MariaDB, Murmuring, MySQL, Network, Security, Software | Tagged , , , , , , , , , , , , , | 1 Comment

Cisco 與 Fortinet 防火牆的 RCE 漏洞

Posted on August 20, 2016 by Gea-Suan Lin

NSA 使用這些漏洞來大量監聽企業的流量:「Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm」。 Cisco 已經確認這個安全性漏洞了,全系列包括已經停產的 Cisco PIX、上個世代的 Cisco ASA 5500 (但還有些型號還在賣),以及目前主力的 Cisco ASA 5500-X,另外還包括了安全模組系列也中獎:「Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability」。 Cisco ASA 5500 Series Adaptive Security … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Political, Security, Social, VPN, WWW | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Badlock Bug 總算公佈了...

Posted on April 16, 2016 by Gea-Suan Lin

關於 Samba 與 Windows 網芳的安全性問題,拖了三個禮拜的「Badlock Bug」的細節總算公佈了 (網頁還不支援 HTTPS)。 果然是為了打名氣而事前公佈的... 都不是無條件的 RCE (Remote Code Execution),而是透過 MITM 後的 RCE。

Posted in Computer, Murmuring, Network, OS, Security, Software, Windows | Tagged , , , , , , | Leave a comment

Git 的安全性問題

Posted on March 17, 2016 by Gea-Suan Lin

在「Remote Code Execution in all git versions (client + server) < 2.7.1: CVE-2016-2324, CVE-2016‑2315」這邊看到歡樂的 CVE-2016-2315 與 CVE-2016-2324,屬於 RCE 類漏洞。 Git 2.7.1 之前的所有版本都有問題,看起來由於問題過於大條,在 2016/02/06 發表的「Git v2.7.1 Release Notes」沒有標出這兩個 CVE,讓所有 vendor 有時間升級。 不過看起來 GitLab 不在被通知的 vendor 裡面,很無奈的在 CVE 公開後馬上推出新版,需要升級到最新版本:「GitLab 8.5.7 Released」。

Posted in Computer, Murmuring, Programming, Security, Software | Tagged , , , , , , , | 3 Comments

CVE-2015-7547:getaddrinfo() 的 RCE (Remote Code Execution) 慘案

Posted on February 17, 2016 by Gea-Suan Lin

Google 寫了一篇關於 CVE-2015-7547 的安全性問題:「CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow」。 Google 的工程師在找 OpenSSH 連到某台特定主機就會 segfault 的通靈過程中,發現問題不在 OpenSSH,而是在更底層的 glibc 導致 segfault: Recently a Google engineer noticed that their SSH client segfaulted every time they tried to connect to a specific host. That … Continue reading

Posted in Computer, DNS, Linux, Murmuring, Network, OS, Security, Software | Tagged , , , , , , , , , , , , , , , , , , , , | Leave a comment

Apple 首次自動強制更新:NTP 安全問題

Posted on December 24, 2014 by Gea-Suan Lin

Apple 第一次的自動強制更新就給了這次的 ntpd 安全性問題 CVE-2014-9295:「Apple pushes first ever automated security update to Mac users」。 A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting … Continue reading

Posted in Computer, MacOS, Murmuring, Network, OS, Security, Software | Tagged , , , , , , , | Leave a comment