How to get root on Ubuntu 20.04 by pretending nobody’s /home
Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)
Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)
In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE in Chrome by a single click (and perhaps a 2 minute wait) on a malicious website.
Security is a complex area. One software component may break the assumptions made by another component and it is not always clear who should fix the code to remediate the security implications.
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
In this post I’ll show how input validation which should be used to prevent malformed inputs to enter our applications, open up the doors to Remote Code Execution (RCE).
This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.
We examine the dangers of network integer arithmetic based on a case study of security vulnerabilities reported to the ntop project.
In this post I’ll show how garbage collections (GC) in Chrome may be triggered with small memory allocations in unexpected places, which was then used to cause a use-after-free bug.
This is the fourth and final post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-11484, a vulnerability in whoopsie which enables a local attacker to get a shell as the whoopsie user, thereby gaining the ability to read any crash report.
This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).
This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.
This post summarizes several security vulnerabilities in Ubuntu’s crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790. When chained together, they allow an unprivileged user to read arbitrary files on the system.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.