Vulnerabilities (Page 16)

mast1c0re: Part 3 - Escaping the emulator

A PS2 emulator escape that can be exploited on PS4/PS5. In the previous binary episode we covered part 2, which was a stack overflow in Okage: Shadow King; by chaining that with this out-of-bounds (OOB) write in the emulator, full userland code execution is possible…


Readline crime: exploiting a SUID logic bug

A bug in the readline library, used in this case by chfn (change finger). They noticed that readline could take an INPUTRC environment variable for configuration data, which would get parsed line-by-line…


OpenSSH Pre-Auth Double Free Writeup & PoC [CVE-2023-25136]

A use-after-free (UAF) yielding a double free in OpenSSH that’s hittable pre-authentication. The bug mainly comes down to the compat_kex_proposal function for doing key exchange, and its support for older clients that set the SSH_OLD_DHGEX flag…