Microsoft discovers ncurses library vulnerability affecting Linux and macOS systems


Microsoft has discovered a set of memory corruption vulnerabilities in the ncurses (short for new curses) programming library that could allow threat actors to run malicious code on vulnerable Linux and macOS systems.

Microsoft threat intelligence researchers Jonathan Bar Or, Emanuele Cozzi and Michael Pearse said in a technical report released today: "Using environment variable poisoning, attackers can exploit these vulnerabilities to escalate privileges, run code in the context of the target program, or perform other malicious actions."

These vulnerabilities have been collectively labeled CVE-2023-29491 (CVSS score 7.8) and have been patched as of April 2023. Microsoft said it has also worked with Apple to fix macOS-specific issues related to the vulnerabilities.

Environment variables are user-defined values that can be read by multiple programs on a system and can affect the way those programs behave. Manipulating these variables can cause an application to perform unauthorized operations.

Microsoft's code audit and fuzz testing found that the ncurses library reads multiple environment variables, including TERMINFO, which can be poisoned and combined with the discovered vulnerabilities to achieve privilege escalation. Terminfo is a database that enables programs to use display terminals in a device-independent manner.
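The TERMINFO variable is the concrete poisoning vector the report names: a program that initializes ncurses while running with elevated privileges ends up parsing whatever terminfo files that variable points to. The script below is an added example, not code from Microsoft's report or from the ncurses project; it audits a process environment for terminfo lookup paths that fall outside trusted system directories and produces a scrubbed copy of the environment suitable for launching a privileged helper. The list of trusted directories is an assumption for this example, and it also covers TERMINFO_DIRS, a second search-path variable ncurses documents but the article does not mention.

```python
"""Audit and scrub terminfo-related environment variables before a privileged
program initializes a curses library. Added defensive example; the trusted
directory list and the sample environments are constructed for illustration."""
import os
from typing import Dict, List, Mapping, Tuple

# TERMINFO is named in the article; TERMINFO_DIRS is the related ncurses
# search-path variable and is included here as an assumption of this example.
TERMINFO_VARS = ("TERMINFO", "TERMINFO_DIRS")

# Locations a privileged program should accept terminfo entries from.
# Assumed for this example; adjust to the distribution's actual layout.
TRUSTED_TERMINFO_DIRS = ("/usr/share/terminfo", "/lib/terminfo", "/etc/terminfo")


def _is_trusted(path: str) -> bool:
    """True when the normalized path lies inside a trusted terminfo directory.

    normpath() collapses '..' segments so that a value such as
    /usr/share/terminfo/../../../tmp/x is judged by where it actually resolves.
    """
    norm = os.path.normpath(path)
    return any(norm == d or norm.startswith(d + os.sep) for d in TRUSTED_TERMINFO_DIRS)


def find_untrusted_terminfo(env: Mapping[str, str]) -> List[Tuple[str, str]]:
    """Return (variable, path) pairs for terminfo lookup paths outside the trust list.

    TERMINFO_DIRS is colon-separated; an empty element means the compiled-in
    default directory, which is treated as trusted.
    """
    findings: List[Tuple[str, str]] = []
    for var in TERMINFO_VARS:
        value = env.get(var)
        if not value:
            continue
        for path in value.split(os.pathsep):
            if path and not _is_trusted(path):
                findings.append((var, path))
    return findings


def scrub_env(env: Mapping[str, str]) -> Dict[str, str]:
    """Return a copy of env with any terminfo variable that points outside the
    trusted directories removed, so the library falls back to system defaults."""
    clean = dict(env)
    flagged = {var for var, _ in find_untrusted_terminfo(env)}
    for var in flagged:
        clean.pop(var, None)
    return clean


# Constructed sample environments (not captured from a real system).
SAMPLE_CLEAN = {"TERM": "xterm-256color", "TERMINFO": "/usr/share/terminfo"}
SAMPLE_POISONED = {
    "TERM": "xterm-256color",
    "TERMINFO": "/tmp/attacker-controlled",
    "TERMINFO_DIRS": ":/usr/share/terminfo/../../../home/user/.terminfo",
}

if __name__ == "__main__":
    for label, env in (("clean", SAMPLE_CLEAN), ("poisoned", SAMPLE_POISONED)):
        print(label, find_untrusted_terminfo(env), sorted(scrub_env(env)))
```

In practice the scrubbed mapping is what you pass as `env=` to `subprocess.run` when a privileged component launches a child that uses ncurses; the audit function alone is also useful as a detection check over process environments collected from hosts that have not yet received the patched library.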

These vulnerabilities include a stack information leak, parameterized string type confusion, off-by-one errors, a heap out-of-bounds access during parsing of Terminfo database files, and a denial of service using canceled strings.

Researchers say an attacker could exploit the discovered vulnerabilities to escalate privileges and run code in the context of the target program. Even so, gaining control of a program through a memory corruption vulnerability would require a multi-stage attack.

An attacker may need to chain these vulnerabilities in order to escalate privileges, for example exploiting the stack information leak to obtain an arbitrary-read primitive while exploiting the heap overflow to obtain a write primitive.

If you like my article today, I will share my private network security learning materials with you for free. Come and see what is available.

Network security learning resource sharing:

Finally, I would like to share with you a complete set of network security learning materials that I have studied myself. I hope it will be helpful to friends who want to learn network security!

Getting Started with Zero Basics

For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap for you. It can be said to be the most scientific and systematic learning route. It will be no problem for everyone to follow this general direction.


1. Learning roadmap


There is a lot to learn about attack and defense. I have written down the specific things you need to learn in the roadmap above. If you can learn them all, you will have no problem taking on freelance work.

2. Video tutorial

Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself, with an accompanying video explanation for every knowledge point in the roadmap above.


(They are all packaged together and cannot be listed one by one. There are more than 300 episodes in total.)

3. Technical documents and e-books

I also compiled the technical documents myself, including my experience and technical points from participating in large-scale network security operations, CTF competitions and SRC vulnerability hunting. There are also more than 200 e-books.

4. Toolkit, interview questions and source code

"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.


Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.

These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.

Reference sources: Sangfor official website, Qi Anxin official website, FreeBuf, CSDN, etc.

Content features: Clear organization and graphical representation to make it easier to understand.

Summary of content: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…


Origin blog.csdn.net/web22050702/article/details/132970444