GNU C Library 2.39 Released With New Tunables, stdbit.h For ISO C2X


  • Nelson
    replied
    Originally posted by sophisticles View Post

    It is not possible to pull off these attack vectors remotely.
    It absolutely is; you have to compromise the system another way remotely first, though. Running the web server as a lower-privileged user is sort of a classic step to limit the blast radius upon compromise, as an example, and this could potentially circumvent that protection.

    It's not a "hair on fire" ultra-critical exploit, but it's bad and needs to be addressed.

  • sophisticles
    replied
    Originally posted by aviallon View Post

    Actually, I think that suid programs should link against a formally verified libc, which could be done with relibc + prustli for instance.
    Code that sees that much reuse everywhere really needs formal proof.
    This is why the United States passed the Securing Open Source Act of 2022 and 2023:





    The truth is there are a lot of vulnerabilities in Linux via glibc:

    Explore the CVE-2023-4911 Looney Tunables exploit, a significant flaw in the Linux GLIBC_TUNABLES feature: impact, detection methods & preventive measures


    It's exploits like this one that validated the other poster's claims in his mind. The thing is that this, like most related exploits, is a local privilege escalation vulnerability; in order to make use of it, a person has to be sitting in front of a computer running Linux.

    The danger of exploits like this one to corporations and government agencies is from inside jobs: threat actors within the organization who wish to hurt the entity or steal data.

    It is not possible to pull off these attack vectors remotely.
    Last edited by sophisticles; 01 February 2024, 03:29 PM.

  • sophisticles
    replied
    Originally posted by oleid View Post

    What's the story behind this?
    This goes back to the article Michael published about the 96C/192T Threadripper.

    I offered the opinion that AMD's TRs were effectively a scam with regard to most users' needs and that a desktop Intel offering was the better choice. I posted a link to an article with benchmarks by Puget Systems that showed an i7 beating the 32C/64T TR and matching the 64C/128T TR.

    This user lost his mind and could not handle the benchmark results and accused me of infecting his computer that was running a fresh install of Fedora 39 with a virus that survived one reformat but not a second one.

    His claims morphed from there to include that I am a member of Israeli Intelligence targeting him because he is a "dissenter"; then it became that I had accomplices who had decided to "attack" the FOSS community; then it became that we were targeting Phoronix members.

    If you go back and read his posts, you will see his claims morphing: the more I gave technical explanations as to why his claims do not stand up to scrutiny, the more layers he added, until we ended up here.

    I hope he or she gets the help they need.
    Last edited by sophisticles; 01 February 2024, 03:29 PM.

  • aviallon
    replied
    Originally posted by sdack View Post
    It is a bit surprising to me how in the year 2024 the GNU C Library still contains bugs such as these:

    GLIBC-SA-2023-0002:
    getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)

    GLIBC-SA-2023-0003:
    getaddrinfo: Potential use-after-free (CVE-2023-4806)

    GLIBC-SA-2023-0004:
    tunables: local privilege escalation through buffer overflow
    (CVE-2023-4911)

    GLIBC-SA-2024-0001:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

    GLIBC-SA-2024-0002:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

    GLIBC-SA-2024-0003:
    syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

    It is one of the most essential libraries on a system and as such has to be checked rigorously before every release against such bugs. Whoever is at the head of the project should resign.
    Actually, I think that suid programs should link against a formally verified libc, which could be done with relibc + prustli for instance.
    Code that sees that much reuse everywhere really needs formal proof.

  • sdack
    replied
    It is a bit surprising to me how in the year 2024 the GNU C Library still contains bugs such as these:

    GLIBC-SA-2023-0002:
    getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)

    GLIBC-SA-2023-0003:
    getaddrinfo: Potential use-after-free (CVE-2023-4806)

    GLIBC-SA-2023-0004:
    tunables: local privilege escalation through buffer overflow
    (CVE-2023-4911)

    GLIBC-SA-2024-0001:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

    GLIBC-SA-2024-0002:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

    GLIBC-SA-2024-0003:
    syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

    It is one of the most essential libraries on a system and as such has to be checked rigorously before every release against such bugs. Whoever is at the head of the project should resign.

  • rene
    replied
    Isn't it surprising and ironic how this T2 Linux ships that glibc with ia-64 support restored on the same day? https://www.youtube.com/watch?v=xmG8XCqstD8 Dunno, maybe they are on to something? ;-)

  • clippy
    replied
    Originally posted by oleid View Post

    What's the story behind this?
    qarium claims to be the victim of a cyberattack by sophisticles to backdoor their computer, via a Firefox/glibc/UEFI exploit chain. They claim that the Phoronix forums are being infiltrated in a coordinated effort to harm FOSS. qarium needs professional help.

  • oleid
    replied
    Originally posted by qarium View Post

    Sophisticles, you asked me how you and your cronies went from a Firefox 119 CVE to the LogoFail UEFI/BIOS hack

    What's the story behind this?

  • sophisticles
    replied
    Michael

    I am formally requesting you put a stop to this user's accusations of criminal activity by me.

    I request that you ban his account and delete all his posts.

    Please let me know if you will be able to handle this matter.

    Thank you.
    Last edited by sophisticles; 01 February 2024, 02:12 AM.

  • qarium
    replied
    How to detect the Trojan the Sophisticles RICO gang installed on phoronix.com forum member victims' computers.

    https://www-heise-de.translate.goog/hintergrund/Studiere-deinen-Feind-IoCs-als-Bausteine-einer-effektiven-IT-Verteidigung-9606508.html?seite=3&_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp



    There are filters to use with YARA which can detect it.

    One should compare the hash of \EFI\OEM\Logo.jpg with the original UEFI/BIOS logo of the mainboard manufacturer.

    If the mainboard does not have the LogoFail bug, like Dell computers, there are other hacks of UEFI/Secure Boot too, like BlackLotus:

    BlackLotus UEFI Windows Bootkit. Contribute to ldpreload/BlackLotus development by creating an account on GitHub.
