Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 07, 2023, updated Jan 07, 2023

Escaping from bhyve

Back in 2017, I wrote a paper in Phrack magazine about a VM escape in Qemu. The vulnerabilities were present in two network card device emulators: RTL8139 and PCNET. After the publication of Reno Robert's paper in the same Phrack issue about a couple of VM escapes in bhyve, I decided to audit the code of the available network device emulators.
The bug in the AMD PCNET emulator is related to a checksum inserted beyond the limit of the allocated buffer. I found a similar bug in the PCI E82545 emulator where the UDP packet checksum is inserted at a controlled index. In the following, I will present how I turned a two-byte stack-based overflow into code execution.

Your X Server May No Longer Swing Both Ways By Default

A new change to Xorg will now prohibit automatic byteswapping in the X server by default. A client connecting to a server that advertises a different endianness will be kicked off with an error. If you want this support, you'll either need to pass +byteswappedclients on the command line to the X server, or put "AllowByteSwappedClients" "on" in the Options stanza in your xorg.conf. This is also a change request for Fedora 38 which as of this writing is still proposed and not accepted.

mjg59 | Asking ChatGPT to write my security-sensitive code for me [Ed: Still attacking software freedom]

To bind an encryption key to the value of a TPM NV index, you can use the TPM2_NV_DefineSpace command with the TPMA_NV_BIND attribute.
I'm not afraid of being unemployed in the near future.

This Week In Security: Lastpass Takeaway, Bitcoin Loss, And PyTorch

We mentioned the LastPass story in closing a couple weeks ago, but details were still a bit scarce. The hope was that LastPass would release more transparent information about what happened, and how many accounts were accessed. Unfortunately it looks like the December 22nd news release is all we’re going to get. For LastPass users, it’s time to make some decisions.
