A drunken debugger

Heretek of Silent Signal

What's your favorite file format challenge / trick / bug / surprise / work / art ?
Bonus point if it's underrated or obscure!

Extremely vulnerable blinky boxes are viable business because shit like this:

If you want debug logs from Squid you are expected to supply *pairs of numbers* in the config for debug section and level. The manual says:

"We take great pains to keep debug sections consistent across releases." -> meaning they aren't...

https://wiki.squid-cache.org/KnowledgeBase/DebugSections

#FOSS

Trammell Hudson

Happy 37th anniversary of the Max Headroom Incident, to those who celebrate.


released a surprise update for InDesign that addresses a single OOB Read reported by ZDI security researcher Mat Powell. It's not under active attack, so it's odd to see it released outside of Patch Tuesday. https://helpx.adobe.com/security/products/indesign/apsb24-91.html


Project Zero Bot

New Project Zero issue:

Linux >=6.6: race between mremap (move_normal_pmd) and MADVISE_COLLAPSE (retract_page_tables)

https://project-zero.issues.chromium.org/issues/371047675

CVE-2024-50066

A lovely review and takedown of Microsoft's lackadaisical approach to NTLM issues.

At the very least, please disable outbound SMB from your environment, and get signing/encryption (v2/3) going wherever possible.

https://blog.morphisec.com/5-ntlm-vulnerabilities-unpatched-privilege-escalation-threats-in-microsoft

@rtfmkiesel finally some old infosec twitter vibes <3

Got nerd sniped today by Qualys's 5 Linux LPE 0days

https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

Did a PoC for CVE-2024-10224


The blog post (and tooling) on my Apple kernel extension fuzzing technique that I used to find several AppleAVD AV1 decoder bugs is now public at https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html


Talos Vulnerability Reports

New vulnerability report from Talos:

GoCast name parameter OS command injection vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960

CVE-2024-28892

Talos Vulnerability Reports

New vulnerability report from Talos:

GoCast NAT parameter OS command injection vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1961

CVE-2024-29224

Talos Vulnerability Reports

New vulnerability report from Talos:

GoCast HTTP API lack of authentication vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962

CVE-2024-21855

Talos Vulnerability Reports

New vulnerability report from Talos:

MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953

CVE-2024-28025, CVE-2024-28026, CVE-2024-28027

Aaaand our QEMU patchset to automatically promote helpers to TCG (using LLVM) is out! 😱😱😱

It has been in the making for quite some time, we’re very proud of it. 💪

Presentation: https://www.youtube.com/watch?v=Gwz0kp7IZPE

Patchset: https://lists.gnu.org/archive/html/qemu-devel/2024-11/msg04035.html


What the absolute fuck: https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash

In short: [[ "$foo" -eq whatever ]] in bash can run arbitrary code.

That looks like something that can realistically trigger in a lot of scripts.

(also test -v, but I barely ever see that one used)

Edit: This also happens in zsh 5.9 (but the referenced variable needs to exist) and mksh


They also need to provide for an at-cost syndication of the search index to any who want it for ten years to correct for anticompetitive behavior in the market.

Basically, Google has to give competitors a card to the Library of Babylon.

Ten. Years. Search will never be the same.
