Linux kernel ioctls race condition -> use after free
Upstream : https://github.com/torvalds/linux/commit/b3defb791b26ea0683a93a4f49c77ec45ec96f10
call stack:
thread a:
-> snd_seq_write
-> snd_seq_client_enqueue_event
-> snd_seq_event_dup
-> snd_seq_cell_alloc
-> schedule -> thread b
thread b:
-> snd_seq_ioctl_set_client_pool
-> snd_seq_pool_mark_closing (sets closing to 1)
-> snd_seq_queue_client_leave_cells (releases the cell)
-> wake_up -> thread a
thread a:
-> snd_seq_ioctl_set_client_pool
-> snd_seq_pool_mark_closing (sets closing to 1 again)
-> snd_seq_queue_client_leave_cells (cell already released by thread b)
-> snd_seq_pool_done (releases the pool and allocates a new one, the 2nd pool;
sets closing to 0)
-> snd_seq_write
-> snd_seq_client_enqueue_event
-> snd_seq_event_dup
-> snd_seq_cell_alloc
-> schedule -> thread b
thread b:
back in snd_seq_queue_client_leave_cells, after wake_up returns
-> snd_seq_queue_client_leave_cells
-> snd_seq_pool_done (releases the pool and allocates a new one, the 3rd pool;
sets closing to 0)
(the 2nd pool's cell is left unhandled)
-> wake_up -> thread a
thread a:
-> snd_seq_cell_alloc:
while (pool->free == NULL && ! nonblock && ! pool->closing)
spins forever: the pool pointer thread a still holds is the 2nd pool, which has
already been released, so it is now a dangling pointer.
GitHub
ALSA: seq: Make ioctls race-free · torvalds/linux@b3defb7
The ALSA sequencer ioctls have no protection against racy calls while
the concurrent operations may lead to interfere with each other. As
reported recently, for example, the concurrent calls of se...
[Digikala] Infinite loop client-side bug,
Just for fun!
https://github.com/fireeye/flare-vm
flare-vm is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
GitHub
GitHub - mandiant/flare-vm: A collection of software installation scripts for Windows systems that allows you to easily set up…
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM. - mandiant/flare-vm
Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code
https://www.bleepingcomputer.com/news/security/exobot-author-calls-it-quits-and-sells-off-banking-trojan-source-code/
Things are about to get a lot worse for Android users after the source code of a highly advanced Android banking trojan has been sold to different parties on a well-known hacking forum. [...]
Linux Kernels 4.14.14, 4.9.77, 4.4.112, and 3.18.92 Released with Security Fixes [Meltdown and Spectre patches in the Linux kernel]
http://news.softpedia.com/news/linux-kernels-4-14-14-4-9-77-4-4-112-and-3-18-92-released-with-security-fixes-519427.shtml
softpedia
Linux Kernels 4.14.14, 4.9.77, 4.4.112, and 3.18.92 Released with Security Fixes
Users are urged to update their Linux systems immediately
Pivot, Exploit, Death by Firewall
https://warroom.securestate.com/portfowarding-pivoting/
Source code to test shellcode, by James Forshaw of Google Project Zero
https://github.com/raminfp/shellcode
Microsoft Resumes Meltdown & Spectre Updates for AMD Devices
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-meltdown-and-spectre-updates-for-amd-devices/
Microsoft has resumed the rollout of security updates for AMD devices. The updates patch the Meltdown and Spectre vulnerabilities. [...]
A quick demonstration of a PyKD script used to sniff VMware RPC requests
https://youtu.be/ArE35aphCHQ
YouTube
Automating VMware RPC Request Sniffing
A quick demonstration of a PyKD script used to sniff RPC requests to assist in writing VMware RPC exploits. Understanding how certain requests are being sent...
[webapps] PEAR XML_RPC < 1.3.0 - Remote Code Execution
https://www.exploit-db.com/exploits/43828/?rss
PEAR XML_RPC
Forwarded from TechToday News
#Vulnerability #Programming #Article
Programmer's Guide to Meltdown
http://funwithbits.net/blog/programmers-guide-to-meltdown/
https://github.com/raphaelsc/Am-I-affected-by-Meltdown
https://github.com/IAIK/meltdown/
funwithbits.net
Programmer's Guide to Meltdown - a programmer having fun with bits
programmer's guide to meltdown exploit poc
Free PDF about Programming from Stack Overflow
http://books.goalkicker.com/
XSStrike is a program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
https://github.com/UltimateHackers/XSStrike
GitHub
GitHub - s0md3v/XSStrike: Most advanced XSS scanner.
Most advanced XSS scanner. Contribute to s0md3v/XSStrike development by creating an account on GitHub.
Google Forms (WordPress plugin) SSRF vulnerability
https://klikki.fi/adv/wpgform.html
Topics this course will cover:
Reviewing the C language and the C11 standard
Understanding the development cycle
Setting values
Writing statements and expressions
Adding comments to code for clarity
Declaring data types
Manipulating strings
Declaring variables
Using operators and expressions
Working with functions
Controlling flow with if-else statements and loops
Initializing arrays
Working with files
Including files and executing macros with the C preprocessor
Understanding best coding practices
Course overview:
Course provider: Lynda
Platform: Windows/*Nix
Skill level required: Beginner
Duration: ~7.5 Hours
Download overview:
Name: C-Essential-Training
Total size: ~732.9 MB
Contains: 19 folders and 101 files (including exercise files)