secnotes

Results 17 issues of secnotes

Hi :) When I was decompiling the Lua script on openwrt, I found a `segmentation fault` error. I tried to debug luadec to find the location of the bug. Size of...

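- [ ] On the latest Ubuntu and Kali, the network cannot be accessed.
- [ ] On the latest Ubuntu and Kali, newer versions of binwalk have a bug and cannot extract the root filesystem of many firmware images.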

bug

Hi, there are many out-of-bounds reads leading to possible temporary denial of service in readelf.

PoC [poc_elf_out_of_bounds.zip](https://github.com/klange/toaruos/files/8879458/poc_elf_out_of_bounds.zip)

```shell
./readelf -a poc_elf_out_of_bounds
ELF Header:
...
Program Headers:
Type Offset VirtAddr PhysAddr...
```

Hi, the `stringtable` variable appears to be missing in readelf. ```diff git diff diff --git a/apps/readelf.c b/apps/readelf.c index ce25d5e1..7ccb8082 100644 --- a/apps/readelf.c +++ b/apps/readelf.c @@ -803,6 +803,7 @@ int main(int argc,...

Hi, readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Through elaborately constructed ELF files, remote code execution can be realized. PoC ```shell...

Hi, if we run weather-configurator with normal permissions, the program will crash due to a null pointer.

![bug](https://user-images.githubusercontent.com/25031216/172337679-6541a303-ce1e-42f8-a6fb-415b7583de33.png)

Bug

```c
FILE * f = fopen("/etc/weather.json", "w");
fprintf(f, "{\n");
```

A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺

**[scenario]** Tap "Tap avatar to log in" but do not actually log in; then tap "View posts", which triggers a crash.

**[Analysis]** The View that the (login) dialog about to be shown needs to attach to no longer exists.

```java
//Ruisi-master/app/src/main/java/me/yluo/ruisiapp/activity/LoginActivity.java
@Override
public void onFailure(Throwable e) {
    AlertDialog dialog = new AlertDialog.Builder(LoginActivity.this)
            .setTitle("加载失败")
            .setMessage("是否重新加载")
            .setPositiveButton("重新加载", (dialogInterface, i) -> loadData())
            .setNegativeButton("关闭", (dialogInterface, i)...
```

**[scenario]** When the network is abnormal, logging in directly triggers a crash.

**[Analysis]** The received HTTP message is not checked for null.

![Snipaste_2021-09-12_13-10-40](https://user-images.githubusercontent.com/25031216/133444455-8ebe3d0d-859a-4da3-ab76-815e0af32748.png)

**[Suggestions]**

![3](https://user-images.githubusercontent.com/25031216/133444523-70f98826-dcff-44a1-b121-fdaded3b0c41.png)

After line 199 of the code, check whether `loginUrl` is null; if it is, show a dialog or report an error directly, and do not continue with the rest of the login flow.

**[Log]**

```shell
beyond1q:/data/system/dropbox # cat [email protected]
Process: me.yluo.ruisiapp
Flags: 0x28c8be44
Package: me.yluo.ruisiapp v40 (2.9.8.2)
Foreground: Yes
Build: samsung/dream2qltezh/dream2qltechn:7.1/N2G48H/G9550ZHU1AQEE:user/release-keys
java.lang.NullPointerException: Attempt...
```