The Integer-Overflow (IOF) vulnerability family is responsible for a dominant part of C/C++ code vulnerabilities, as I shown in my previous post with a specific example. However, the Integer vulnerability class has more than IOFs in it, and this will be the topic of this post.
After a long patching process, CVE 2016-8636 was now fixed and can be publicly disclosed. CVE 2016-8636 is caused by a classic integer-overflow vulnerability, showing that even the linux kernel suffers from this major vulnerability family.
In my search of Bug Bounty programs, I found Microsoft’s page and started to learn about CFG – Microsoft’s CFI implementation. From this research I developed “Liberation Guard”, a security enhancement to CFG that aims to block virtual table hijacking exploits.
During the end of august I made an audit to the C modules in the popular Python library, version 2.7.12. This audit quickly produced the 1st vulnerability I found in a high-profile library, the 1st of many more that came afterwards.
As was promised in the last posts, today we will discuss the development risks in the (de)fragmentation feature. From a security stand-point this is a Zero-Sum Game: a developer’s nightmare is a researcher’s goldmine, and defragmentation is a goldmine that seems to always payoff.
As I promised in my previous post, here is an official public disclosure of CVE 2016-8633: linux kernel firewire driver remote code execution. The official fix was merged yesterday into the linux kernel, and so I can know talk freely about it.
During last August I made a security audit to an interesting embedded library I have found in Github: libcsp:
Cubesat Space Protocol – A small network-layer delivery protocol designed for Cubesats
This blog post will describe my findings, CVE 2016-8596, CVE 2016-8597, CVE 2016-8598, will publicly disclose the vulnerabilities and will elaborate on the lessons that can be learned from them.