Vulnerabilities (Page 47)

[Reddit] Race Condition Allowing a User to Receive More Coins Than Purchased

When purchasing coins for Reddit on Android, there is a call to a /verify_purchase endpoint that is vulnerable to a race condition. The idea is that this endpoint, given some of the transaction information, validates it and gives the coins to the purchaser; however, there is a problem when handling multiple concurrent requests to the endpoint…

 

Tricking the Kernel into Inappropriately Generating Core Dumps [SuDump]

A bit of a logic bug/abuse resulting in the ability to write files with semi-controlled content in any directory, regardless of privileges. Under normal circumstances, when a suid binary crashes it is considered non-dumpable; more generally, when a process's real and effective group or user IDs differ, it will not be dumped.