Vulnerability Summary The following advisory describes Heap overflow vulnerability that can lead to remote code execution in Pervasive SQL server (Version 12.01.031.000). Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vulnerability Description BusyBox provides an `arp` applet which is missing an array bounds check for command-line parameter `IFNAME`. It is therefore vulnerable to a command-line based local stack buffer overwrite effectively allowing local users to write past a 16 bytes fixed stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS …
SSD Advisory – BusyBox (local) cmdline Stack Buffer Overwrite Read More »
Happy new year everyone! One of our new year’s resolution is to promote the security community in different ways – sponsoring security conferences, publish new vulnerabilities and to write blog posts about leading security researchers that work and strengthen their local community. One of the best things of being part of the cyber security community …
Any questions? Interested in our services?
We’d love to hear from you
