Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario
01:49:51 Share

Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.

[00:00:32] On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits

• https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

• https://lore.kernel.org/linux-nfs/YH+zwQgBBGUJdiVK@unreal/

• https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/

• During this episode we speculated that the recent patches might be unrelated to the research. This seems to have been confirmed by U. Mn in an email we did not see before recording 

• https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/

[00:15:18] Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective

• https://signal.org/blog/cellebrite-vulnerabilities/

[00:22:30] [Ubuntu] OverlayFS LPE

• https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/

[00:25:48] Synology DSM AppArmor synosearchagent misconfiguration

• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1158

[00:28:22] [GitLab] RCE via unsafe inline Kramdown options

• https://hackerone.com/reports/1125425

[00:35:25] [Homebrew] Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps

• https://hackerone.com/reports/1167608

• https://blog.ryotak.me/post/homebrew-security-incident-en/

[00:41:52] Remote code execution vulnerabilities in Cosori smart air fryer

• https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217

• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216

[00:48:54] Source engine remote code execution via game invites [CVE-2021-30481]

• https://secret.club/2021/04/20/source-engine-rce-invite.html

[01:00:40] Discussion: Should programs be banned from Hackerone

• https://dayzerosec.com

[01:08:54] [Nintendo|3DS] Buffer Overflow in Super Mario Maker level decompression

• https://hackerone.com/reports/687887

[01:15:12] PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability

• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219

[01:20:12] Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC

• https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/

• https://www.zerodayinitiative.com/blog/2021/4/22/cve-2021-20226-a-reference-counting-bug-in-the-linux-kernel-iouring-subsystem

[01:31:21] Designing sockfuzzer, a network syscall fuzzer for XNU

• https://googleprojectzero.blogspot.com/2021/04/designing-sockfuzzer-network-syscall.html

[01:37:26] gaasedelen/tenet: A Trace Explorer for Reverse Engineers

• https://github.com/gaasedelen/tenet

[01:40:41] tmp.0ut

• https://tmpout.sh/1/

[01:44:35] Phœnix exploit / iOS 9.3.5

• https://gist.github.com/Siguza/96ae6d6806e974199b1d44ffffca5331

[01:46:02] Experiences with Apple Security Bounty

• https://theevilbit.github.io/posts/experiences_with_asb/

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the vide