GitLab security advisory: GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
CVE-2024-45409 (perfect 10.0 critical 🥳 cc: @cR0w) SAML authentication bypass

GitLab doing me a heccin' concern because they're already talking about detecting unsuccessful and successful exploitation attempts. I can't definitively say if exploitation in the wild occurred based on the verbiage in this advisory.

cc: @campuscodi @goatyell @da_667

#CVE_2024_45409 #GitLab #vulnerability #CVE

@qwertyoruiop thx I'll take a look!

Tonight in "Fun with #FOSS":

I installed gerbera to do DLNA things. Config dot freaking XML should've been a warning sign, but I know how to computer.

It took about half an hour until I figured out from the docs what XML tag I should use and where to point to the directory where my media content is (it's not in the default config).

The fun begins when the systemd unit just exists. There is a logging option, but no hint about where the logs are. Nvm, journalctl captured stdout:

"level attribute is missing or invalid"

There is no "level" attribute in the docs.

Googling: 0 result - spoiler: this is because the second part of the message comes from an XML lib, while the attribute name comes from the XSD.

The solution is to checkout the git tag corresponding to the OS package version, find the XSD and the attribute definition in it. I fixed the config.

The software now runs (it just doesn't work).

@malwaretech 10/43 words (give or take) of the first tweet is mil/intel jargon... Also note the two "may"'s in the opening sentence. See also: https://rationalwiki.org/wiki/Just_asking_questions

The city of 's-Hertogenbosch is multiple examples of "falsehoods programmers believe about place names"

@devcoffee He has a couple more essays of similar style, all worth reading! :)

Of course, the wisdom of James Mickens applies:

https://www.usenix.org/system/files/1401_08-12_mickens.pdf

@Viss @steely_glint it's a pretty explicit way to uncover connections too

Android Virtualization Framework - runs the "host" (Android and Linux kernel) in a VM and launches isolated envs. (= pVMs). Based on KVM but offloads complex code to the host VM. pVM firmware is in Rust
- https://www.youtube.com/watch?v=K24dmA7QGLE
- https://source.android.com/docs/core/virtualization/security
- https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/aml_con_341511080/pvmfw/

https://bird.makeup/@lauriewired/1832541105390547456

From the WTAF dept: 3 killed, > 1,000 wounded in Beirut by exploding pagers:

"BEIRUT, Sept 17 (Reuters) - At least three people were killed and more than 1,000 others including Hezbollah fighters, medics and Iran's envoy to Beirut were wounded on Tuesday when the pagers they use to communicate exploded across Lebanon, security sources told Reuters.

A Hezbollah official, speaking on condition of anonymity, said the detonation of the pagers was the "biggest security breach" the group had been subjected to in nearly a year of conflict with Israel."

https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/

via @dangoodin

@briankrebs

NYT: Lebanon's health minister, Firas al-Abyad, said in a press conference that eight people were killed by exploding paging devices and at least 2,780 were wounded, including 200 in serious condition.

https://www.nytimes.com/live/2024/09/17/world/israel-hamas-war-news/c1da8115-a99a-5962-9a47-87e3972a72bc

The web Hackvertor now has all of the tags to conduct email parser discrepancies attacks.

https://hackvertor.co.uk/

Ok, my article on porting the SBCL common #lisp implementation to the nintendo #switch is now live:

https://reader.tymoon.eu/article/437

Boosts would be much appreciated! It's been a lot of work to get this far.

#opensource #gamedev #indiedev

This is your monthly reminder that JetBrains still hasn't assigned any CVEs to their "3 security problems have been fixed" for TeamCity version 2024.07.2 released 29 August 2024. No new CVEs since 16 August 2024.

#jetbrains #teamcity #vulnerability

@joxean @raptor I never thought it was but I'm not an AI expert...

@raptor I still stand by my hypothesis that LLM's may be useful if their output is easy to verify. 1 LoC should be easy enough to verify.

I'd like to share some of my projects that are hosted on @github. Let's start with my public #exploits that span more than two decades of #pwning.

https://github.com/0xdea/exploits

"You can't argue with a root shell." -- Felix "FX" Lindner

Probably the most known is raptor_udf.c that targets #MySQL (those of you who solved the @offsec #OSCP training labs should recognize it).

My favorite is still raptor_rlogin.c, a glorious #Solaris #RCE from the early 2000s. Take your pick!

"What you think of Oracle _is even truer_ than you think it is!" - Bryan M. Cantrill[1]

Ellison Declares Oracle 'All In' On AI Mass Surveillance

https://developers.slashdot.org/story/24/09/16/213256/ellison-declares-oracle-all-in-on-ai-mass-surveillance

[1]https://youtu.be/-zRN7XLCRhc?si=FAsYQN2_Xoelkzlp&t=2048

i'm sorry, what??? https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0

[RSS] Reasons for the unreasonable success of fuzzing (Halvar Flake, Google Slides)

https://docs.google.com/presentation/d/1vw9lywrMnNojiOIu-xU5KXZz7WzE0MYNQF6V7n6vyY8/edit#slide=id.g2768ca7ef44_0_65