Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks – ASW #300
Fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more!
- 1. 4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog
This article has a very familiar opening about a "buffer overflow caused by a copy operation that uses a length value taken directly from attacker-controlled packet data without bounds checking."
It was discovered with a fuzzer, which might not sound as cool as using an AI or LLM, but remains one of the most effective tools for vuln discovery.
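As an added illustration of the bug class quoted above (not code from the hyprblog article or from the affected product), here is a hypothetical frame parser that copies a packet-declared length without checking it, beside the bounds-checked version; the wire format, struct and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 64

/* Hypothetical wire format, constructed for this example:
 *   byte 0: type, byte 1: declared payload length, bytes 2..: payload */
struct frame { uint8_t type; uint8_t len; uint8_t payload[PAYLOAD_MAX]; };

/* The pattern the article describes: the length comes straight from the
 * packet and is never compared against the destination size or against
 * the number of bytes actually received. A declared len of 200 overruns
 * payload[] (64 bytes) on the stack or heap, wherever the frame lives. */
int parse_frame_unchecked(const uint8_t *pkt, size_t pkt_len, struct frame *out) {
    if (pkt_len < 2) return -1;
    out->type = pkt[0];
    out->len = pkt[1];
    memcpy(out->payload, pkt + 2, out->len);   /* no bounds check */
    return 0;
}

/* Hardened version: the attacker-controlled length is validated against
 * both the destination capacity and the bytes that really arrived. */
int parse_frame_checked(const uint8_t *pkt, size_t pkt_len, struct frame *out) {
    if (pkt_len < 2) return -1;                /* header incomplete */
    size_t len = pkt[1];
    if (len > PAYLOAD_MAX) return -2;          /* would overflow payload[] */
    if (len > pkt_len - 2) return -3;          /* claims more than received (over-read) */
    out->type = pkt[0];
    out->len = (uint8_t)len;
    memcpy(out->payload, pkt + 2, len);
    return 0;
}

/* Self-check with constructed packets; exit status 0 means both cases behaved. */
int main(void) {
    uint8_t good[] = { 0x01, 0x03, 'a', 'b', 'c' };
    uint8_t big[]  = { 0x01, 0xC8, 'a', 'b', 'c' };  /* declares 200 bytes */
    struct frame f;
    return !(parse_frame_checked(good, sizeof good, &f) == 0 &&
             parse_frame_checked(big, sizeof big, &f) == -2);
}
```

A fuzzer finds the unchecked variant quickly because almost any random second byte exceeds the buffer; the checked variant turns the same inputs into clean error returns, which is also the behaviour a network-facing parser should log rather than crash on.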
- 2. Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS | by Mikko Kenttälä | Sep, 2024
I can't resist a vuln write-up that talks about path traversal. This article also demonstrates the persistence needed to track vulns over long timeframes.
- 3. GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
Authentication endpoints are fruitful areas for research. Not to mention how often we talk about authentication, SSO, and SAML around here.
At the heart of this vuln is a parsing problem with XML. I don't think we'll be able to get rid of XML any time soon, but it's at least better than the mess of ASN.1 that has plagued OpenSSL (and certificates) for ages. What's a good format that balances human readability with mistake-resistant structure for parsing?
- 4. Blog: CVR: The Mines of Kakadûm
I referenced The Silmarillion in last week's episode intro, so I felt obliged to include this article that makes a subtle nod to Khazad-dûm.
It also ties in nicely with this week's theme of file formats, parsing, and fuzzing. You don't have to get into the exploit details to appreciate this article or take away some lessons in parsing, sandboxing, and handling user-generated content.
- 5. [FYI] fwd:cloudsec Europe 2024
The recording is available. Two presentations that stood out to me were:
- Service Agents and the Search for Transitive Access in GCP – starts here
- GCP and AWS identity federation - lessons learned from the field as well as cross-cloud forensics and incident response – starts here
- 6. The RedMonk Programming Language Rankings: June 2024 – tecosystems