Displaying 8 results from an estimated 8 matches for "googleprojectzero".

2018 Jan 08
4
Response to Meltdown and Spectre
By now, we're sure most everyone has heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since we received relatively late notice of the issue, our ability to provide fixes is...
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
Based on an article that was mentioned on this list https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html I found two attacker controlled memory leaks in the option parsing of pkcheck.c. These memory leaks allow a local attacker the ability to "spray the heap", i.e. initialize large parts of the heap before launching his attack. Th...
2017 Mar 18
0
[CentOS-announce] CEBA-2017:0392 CentOS 7 polkit BugFix Update
....redhat.com/errata/RHBA-2017-0392.html > 33395736c057583471a3e8d3554adb014d0d4cd167aa03bad5099c02faad1d38 polkit-0.112-11.el7_3.src.rpm Note that this update fixes neither the memory leak in the options parsing of the setuid binary pkexec, nor does it fix the memory leaks in pkcheck. https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html https://bugs.freedesktop.org/show_bug.cgi?id=99626 https://bugzilla.redhat.com/show_bug.cgi?id=1418278 https://bugzilla.redhat.com/show_bug.cgi?id=1418287 https://bugzilla.redhat.com/show_bug.cgi?id=1418824 https://bugzilla.redhat.com/show...
2017 Mar 03
1
CEBA-2017:0392 CentOS 7 polkit BugFix Update
CentOS Errata and Bugfix Advisory 2017:0392 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0392.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 426b0df04652f9936e703dc74a62cdc6b88ddd6e79fe705fcfabbc93469384f7 polkit-0.112-11.el7_3.i686.rpm
2017 Feb 02
3
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 07:16 -0800, Gordon Messmer wrote: > On 02/02/2017 06:51 AM, Leonard den Ottolander wrote: > > pkcheck might not be directly vulnerable. However, pkexec is. > > > If that's so, why are you supplying patches to pkcheck rather than > fixing pkexec? The patch has a fix for three memory leaks. One memory leak that allows heap spraying in pkexec.c that
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
...riant #1 (a.k.a. Spectre Variant #1): Bounds check (or predicate) bypass * GPZ Variant #2 (a.k.a. Spectre Variant #2): Branch target injection * GPZ Variant #3 (a.k.a. Meltdown): Rogue data cache load For more details, see the Google Project Zero blog post and the Spectre research paper: * https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html * https://spectreattack.com/spectre.pdf The core problem of GPZ Variant #1 is that speculative execution uses branch prediction to select the path of instructions speculatively executed. This path is speculatively executed with the avai...