Buffer Overflow

SSD Advisory – Netgear Nighthawk R8300 upnpd PreAuth RCE

TL;DR: Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device. Vulnerability Summary: The Nighthawk X8 AC5000 (R8300) router, released in 2014, is a popular device sold by Netgear with almost 2000 positive reviews on Amazon. A vulnerability in the way the R8300 handles UPnP packets allows …

SSD Advisory – Intel Windows Graphics Driver Buffer Overflow to Privilege Escalation

Introduction: Since 2014, Intel has dominated the PC market as the leading graphics chip vendor worldwide, with ~70% market share. With this overwhelming number of units, any vulnerabilities found are bound to make an impact. Read below on how our team gained system access using an Intel graphics driver privilege escalation vulnerability. System access vulnerabilities and …

SSD Advisory – Intel Windows Graphics Driver Out of Bounds Read Denial of Service

Introduction: Since 2014, Intel has dominated the PC market as the leading graphics chip vendor worldwide, with ~70% market share. With this overwhelming number of units, any vulnerabilities found are bound to make an impact. Read below on how our team gained system access using an Intel graphics driver privilege escalation vulnerability. System access vulnerabilities and others …

SSD Advisory – OpenSSH Pre-Auth XMSS Integer Overflow

Vulnerability Summary: The following advisory describes a Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH. CVE: CVE-2019-16905. Credit: An independent Security Researcher, Adam “pi3” Zabrocki, has reported this vulnerability to SSD Secure Disclosure program. Affected Systems: OpenSSH version 7.7 up to the latest one (8.0) supporting XMSS keys (compiled with a defined WITH_XMSS macro). Nevertheless, the bug is only there …

SSD Advisory – VxWorks RPC Buffer Overflow

Vulnerability Summary: The following advisory describes a vulnerability found in the Remote Procedure Call (RPC) component of the VxWorks real-time Operating System, which suffers from a buffer overflow. This buffer overflow can be exploited to cause the component to execute arbitrary code. CVE: CVE-2019-9865. Credit: An independent Security Researcher, Yu Zhou, has reported this vulnerability to SSD Secure Disclosure program. Affected …

SSD Advisory – Linux BlueZ Information Leak and Heap Overflow

(This advisory follows up on a presentation provided during our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training.) Vulnerabilities Summary: The following advisory discusses two vulnerabilities found in the Linux BlueZ Bluetooth module. One of the core ideas behind Bluetooth …

SSD Advisory – Apache OpenOffice Virtual Table Corruption

Vulnerabilities Summary: The following advisory discusses a vulnerability found in Apache OpenOffice. The vulnerability lies inside the part that is responsible for parsing documents, which contains an overflow that lets attackers take control over program execution. Vendor Response: “We obtained a CVE number for the vulnerability you reported: CVE-2018-11790. The release will need to undergo a community vote and …

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer …

SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Vulnerabilities summary: The following advisory describes 12 (twelve) vulnerabilities found in Python Bytecode Disassembler and Decompiler (pycdc). Python Bytecode Disassembler and Decompiler (pycdc) “aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support …

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

Vulnerabilities summary: The following advisory describes two (2) guest-to-host escapes found in Oracle VirtualBox version 5.1.30 and VirtualBox version 5.2-rc1. Credit: An independent security researcher, Niklas Baumstark, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: Oracle were informed of the vulnerabilities and released patches to address them. For …

SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes four (4) vulnerabilities found in Livebox Fibra router version AR_LBFIBRA_sp-00.03.04.112S. It is possible to chain the vulnerabilities into remote code execution. The “Livebox Fibra” router is “manufactured by Arcadyan for Orange and Jazztel in Spain”. The vulnerabilities found in Arcadyan routers are: Unauthenticated configuration information leak; Hard-coded credentials; Memory …

SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Vulnerability Summary: The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security technology to monitor, scan and protect your systems without any worrying. The comprehensive defender and anti-virus …
