Day: January 1, 2017

SSD Advisory – BusyBox (local) cmdline Stack Buffer Overwrite

Vulnerability Description BusyBox provides an `arp` applet which is missing an array bounds check for command-line parameter `IFNAME`. It is therefore vulnerable to a command-line based local stack buffer overwrite effectively allowing local users to write past a 16 bytes fixed stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS …

SSD Advisory – BusyBox (local) cmdline Stack Buffer Overwrite Read More »

Know your community – Orange Tsai

Happy new year everyone! One of our new year’s resolution is to promote the security community in different ways – sponsoring security conferences, publish new vulnerabilities and to write blog posts about leading security researchers that work and strengthen their local community. One of the best things of being part of the cyber security community …

Know your community – Orange Tsai Read More »

?

Get in touch