32 - FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

10 March 2020

Show Notes

32 - FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote

Announcing Remote Participation in Pwn2Own Vancouver

Revoking certain certificates on March 4

Additional Links: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3 https://bugzilla.mozilla.org/show_bug.cgi?id=1619047

FuzzBench: Fuzzer Benchmarking as a Service

Additional Links: https://www.fuzzbench.com/reports/sample/index.html

Intel x86 Root of Trust: loss of trust

Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Additional Links: https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

MediaTek rootkit affecting millions of Android devices

Zoho ManageEngine RCE

Additional Links: https://srcincite.io/pocs/src-2020-0011.py.txt

RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)

Regex Vulnerabilities - parse-community/parse-server

HTTP request smuggling using malformed Transfer-Encoding header

[Nextcloud] Delete All Data of Any User

Dismantling DST80-based Immobiliser Systems

Exploring Backdoor Poisoning Attacks Against Malware Classifiers

DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier

Security Analysis of Memory Tagging

DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier