harrysintonen@infosec.exchange 1 points 1 month ago* (last edited 1 month ago)

The httpget 0.2 doesn't quite work in the form it was uploaded.

First, it uses hardcoded argv, argc instead of getting them from the app invocation (as args in main, the code uses void main).

Second, obtaining any data from the socket will result in the app stopping and leaving behind an empty file (if (nread) break;).

This program could never download anything. It is likely some work-in-progress or modified test version of httpget. Since it includes some Windows-specific headers and has disabled the Unix ones, I can only presume it was some earlier attempt to get the tool running on Windows.

So while the code has a local stack buffer overflow, it can't be triggered for this early version.

harrysintonen@infosec.exchange 1 points 2 months ago

#Nordnet services appear to be back.


#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses the .netrc file. In certain situations, the configured password can be sent to an incorrect host. Luckily, the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

https://curl.se/docs/CVE-2024-11053.html
https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity


Heads up: If you've used the https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the #vulnerability. #infosec #cybersecurity


In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity


Disclosing details of a #vulnerability I discovered 1 year ago:

N-able Ecosystem Agent Improper Certificate Validation #CVE_2024_5445 vulnerability leads to #RCE as SYSTEM user.

Vulnerability details: https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt

N-able has rated this vulnerability CVSS 3.8, but the practical impact of this vulnerability is grave as it allows attackers in a privileged network position to fully compromise vulnerable systems. While arguing for such a low score, an N-able representative stated that: "The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."

I think this is somewhat disingenuous.

#infosec #cybersecurity


harrysintonen

joined 2 years ago