Focusing on source code security, collecting the latest news from China and abroad!
Compiled by: Code Guard
Microsoft has disclosed multiple memory corruption vulnerabilities in the ncurses library that can be exploited to run malicious code on vulnerable Linux and macOS systems.
Microsoft threat intelligence researchers Jonathan Bar Or, Emanuele Cozzi and Michael Pearse wrote in a technical report: "Using environment variable poisoning, attackers can chain these vulnerabilities to elevate privileges and run code in the context of the target program or perform other malicious operations." The vulnerabilities are tracked collectively as CVE-2023-29491 (CVSS score 7.8) and were fixed in April 2023. Microsoft said it worked with Apple to address the macOS issues related to these flaws.
Environment variables are user-controlled values that many programs on the same system read and that influence how those programs behave. Because the values come from the caller, manipulating them can make an application perform operations it should not. Through code auditing and fuzzing, Microsoft found that ncurses consults several environment variables, TERMINFO among them, to locate the terminal database it loads; an attacker who poisons such a variable can steer the library at attacker-supplied data and, combined with the other vulnerabilities, escalate privileges. Terminfo is a database that lets programs drive display terminals in a device-independent manner.
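The privilege check a practitioner would want here, as an added example that is not ncurses code and not from the Microsoft report: a resolver that builds the list of terminfo directories to search from the environment, but ignores every caller-controlled location when the process runs with elevated privileges (real UID differs from effective UID). The search order follows the locations terminfo(5) documents (TERMINFO, $HOME/.terminfo, TERMINFO_DIRS, then the system tree); the system path, the MAX_DIRS limit, the rule that only absolute entries are accepted and the uid-only privilege test are this example's own assumptions.

```c
/* Added example, not ncurses code: which terminfo locations to trust.
 * Assumed: system tree path, MAX_DIRS, absolute-path rule, uid-based check. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIRS 16
#define SYSTEM_TERMINFO "/usr/share/terminfo"   /* assumed system database path */

/* Snapshot of the inputs the decision depends on; uid/euid are passed in
 * rather than read with getuid()/geteuid() so the policy can be tested. */
typedef struct {
    const char *terminfo;       /* $TERMINFO, may be NULL */
    const char *home;           /* $HOME, may be NULL */
    const char *terminfo_dirs;  /* $TERMINFO_DIRS, colon-separated, may be NULL */
    int uid, euid;
} env_ctx;

/* Fill out[] with directories in search order and return how many.
 * Strings built here live in scratch, which the caller owns. */
int terminfo_search_path(const env_ctx *e, char *scratch, size_t scratch_len,
                         const char *out[MAX_DIRS]) {
    int n = 0;
    size_t used = 0;
    /* A privileged process must not let its caller's environment choose the
     * file it will parse: that is exactly the poisoning the text describes.
     * (A full check would also compare gid/egid; kept to uid for brevity.) */
    int trust_env = (e->uid == e->euid);

    if (trust_env) {
        if (e->terminfo && e->terminfo[0] == '/' && n < MAX_DIRS)
            out[n++] = e->terminfo;
        if (e->home && e->home[0] == '/' && n < MAX_DIRS) {
            int w = snprintf(scratch + used, scratch_len - used, "%s/.terminfo", e->home);
            if (w > 0 && (size_t)w < scratch_len - used) {
                out[n++] = scratch + used;
                used += (size_t)w + 1;
            }
        }
        if (e->terminfo_dirs) {
            size_t l = strlen(e->terminfo_dirs);
            if (l < scratch_len - used) {
                char *copy = scratch + used;        /* strtok needs a writable copy */
                memcpy(copy, e->terminfo_dirs, l + 1);
                used += l + 1;
                for (char *tok = strtok(copy, ":"); tok; tok = strtok(NULL, ":"))
                    if (tok[0] == '/' && n < MAX_DIRS)  /* drop relative entries */
                        out[n++] = tok;
            }
        }
    }
    if (n < MAX_DIRS) out[n++] = SYSTEM_TERMINFO;   /* always searched last */
    return n;
}

int main(void) {
    char scratch[256];
    const char *dirs[MAX_DIRS];
    /* Constructed inputs: an unprivileged shell and a setuid-root program
     * started from the same environment. */
    env_ctx user = { "/tmp/attacker-ti", "/home/alice", "/opt/ti:relative:/usr/local/share/terminfo", 1000, 1000 };
    env_ctx setuid_prog = user;
    setuid_prog.euid = 0;

    int n = terminfo_search_path(&user, scratch, sizeof scratch, dirs);
    printf("unprivileged (%d dirs):", n);
    for (int i = 0; i < n; i++) printf(" %s", dirs[i]);
    printf("\n");

    n = terminfo_search_path(&setuid_prog, scratch, sizeof scratch, dirs);
    printf("setuid (%d dirs):", n);
    for (int i = 0; i < n; i++) printf(" %s", dirs[i]);
    printf("\n");
    return 0;
}
```

Run as a normal user the resolver honours TERMINFO, $HOME/.terminfo and the absolute entries of TERMINFO_DIRS; with euid 0 and a different uid it returns only the system directory, so a poisoned variable never reaches the parser.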
The vulnerabilities include a stack information leak, parameterized string type confusion, an off-by-one error, a heap out-of-bounds access while parsing Terminfo database files, and a denial of service involving canceled strings.
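Three of the bug classes listed above (off-by-one, heap out-of-bounds during database parsing, and mishandled canceled strings) all live at the same place: reading a compiled terminfo entry whose header and offsets come from an attacker-controlled file. The bounds-checked reader below is an added example, not ncurses code and not the vulnerable code from the report; it follows the compiled layout documented in term(5) (six 16-bit little-endian header fields, names, booleans, an alignment byte, numbers, string offsets, string table, with offset -1 meaning absent and -2 meaning canceled). The sample entry it parses is constructed here and is not a real terminal description.

```c
/* Added example, not ncurses code: bounds-checked reader for the compiled
 * terminfo layout in term(5). The sample entry below is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TI_MAGIC        0432     /* 16-bit format magic from term(5), octal */
#define TI_ABSENT_OFF   0xFFFF   /* -1 as uint16: capability absent   */
#define TI_CANCELED_OFF 0xFFFE   /* -2 as uint16: capability canceled */

typedef enum { TI_OK = 0, TI_ABSENT, TI_CANCELED, TI_BAD } ti_status;

typedef struct {
    const uint8_t *buf; size_t len;
    size_t names_len, bool_count, num_count, str_count, table_len;
    size_t bools_off, nums_off, strs_off, table_off;
} tinfo;

/* Little-endian 16-bit read that refuses to touch bytes past len. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *v) {
    if (off > len || len - off < 2) return -1;
    *v = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 0;
}

/* Validate the header and every section boundary before any section is
 * used. Returns 0 on success, -1 if the file is malformed or truncated. */
int tinfo_parse(const uint8_t *buf, size_t len, tinfo *t) {
    uint16_t h[6];
    for (size_t i = 0; i < 6; i++)
        if (rd16(buf, len, i * 2, &h[i]) != 0) return -1;
    if (h[0] != TI_MAGIC) return -1;
    t->buf = buf; t->len = len;
    t->names_len = h[1]; t->bool_count = h[2]; t->num_count = h[3];
    t->str_count = h[4]; t->table_len = h[5];

    size_t off = 12;
    if (t->names_len == 0 || t->names_len > len - off) return -1;
    if (buf[off + t->names_len - 1] != '\0') return -1;   /* names must end in NUL */
    off += t->names_len;
    t->bools_off = off;
    if (t->bool_count > len - off) return -1;
    off += t->bool_count;
    if (off & 1) off++;                                    /* numbers start on an even byte */
    if (off > len) return -1;
    t->nums_off = off;
    if (t->num_count > (len - off) / 2) return -1;
    off += t->num_count * 2;
    t->strs_off = off;
    if (t->str_count > (len - off) / 2) return -1;
    off += t->str_count * 2;
    t->table_off = off;
    if (t->table_len > len - off) return -1;               /* header claims more than exists */
    return 0;
}

/* Look up string capability idx. -1/-2 are markers, not positions, so they
 * are reported as status instead of being used as an index. */
ti_status tinfo_string(const tinfo *t, size_t idx, const char **out) {
    uint16_t off;
    *out = NULL;
    if (idx >= t->str_count) return TI_ABSENT;
    if (rd16(t->buf, t->len, t->strs_off + idx * 2, &off) != 0) return TI_BAD;
    if (off == TI_ABSENT_OFF) return TI_ABSENT;
    if (off == TI_CANCELED_OFF) return TI_CANCELED;
    /* ">=" not ">": offset == table_len points one byte past the table (off-by-one). */
    if (off >= t->table_len) return TI_BAD;
    const char *s = (const char *)t->buf + t->table_off + off;
    /* The string must terminate inside the table; otherwise a later strlen or
     * strcpy reads past the heap buffer that holds the file. */
    if (memchr(s, '\0', t->table_len - off) == NULL) return TI_BAD;
    *out = s;
    return TI_OK;
}

static size_t put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); return 2; }

/* Constructed sample entry: 2 booleans, 1 number, 3 strings
 * (#0 clear-screen sequence, #1 absent, #2 canceled). Returns blob length. */
size_t build_sample(uint8_t *out, size_t cap) {
    static const char names[] = "demo|constructed sample";   /* 24 bytes incl. NUL */
    static const char table[] = "\033[H\033[2J";              /* 8 bytes incl. NUL */
    uint8_t *p = out;
    if (cap < 64) return 0;
    p += put16(p, TI_MAGIC);
    p += put16(p, (uint16_t)sizeof names);
    p += put16(p, 2);
    p += put16(p, 1);
    p += put16(p, 3);
    p += put16(p, (uint16_t)sizeof table);
    memcpy(p, names, sizeof names); p += sizeof names;
    *p++ = 1; *p++ = 0;                       /* booleans */
    if ((p - out) & 1) *p++ = 0;              /* alignment pad */
    p += put16(p, 80);                        /* one number */
    p += put16(p, 0);                         /* string #0 -> table offset 0 */
    p += put16(p, TI_ABSENT_OFF);             /* string #1 absent */
    p += put16(p, TI_CANCELED_OFF);           /* string #2 canceled */
    memcpy(p, table, sizeof table); p += sizeof table;
    return (size_t)(p - out);
}

int main(void) {
    uint8_t blob[64];
    tinfo t;
    size_t n = build_sample(blob, sizeof blob);
    if (tinfo_parse(blob, n, &t) != 0) { puts("malformed"); return 1; }
    static const char *name[] = { "present", "absent", "canceled", "malformed" };
    for (size_t i = 0; i < 4; i++) {
        const char *s;
        printf("string %zu: %s\n", i, name[tinfo_string(&t, i, &s)]);
    }
    return 0;
}
```

Every length and offset taken from the file is checked against what is actually in the buffer before it is used, and the two reserved offset values are handled before any arithmetic, which is the discipline a parser of attacker-supplied database files needs regardless of the format.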
"An attacker can exploit the discovered vulnerabilities to escalate privileges and run code in the context of the target program. However, gaining control of a program by exploiting multiple memory corruption vulnerabilities requires a multi-stage attack. An attacker would need to chain their exploits to escalate privileges, such as exploiting the stack information leak to obtain an arbitrary read primitive while exploiting the heap overflow to obtain a write primitive," the researchers said.
Original link
https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html
Title image: Pexels License
This article was compiled by Qi Anxin Code Guard and does not necessarily represent the views of Qi Anxin. When reprinting, please credit "Reprinted from Qi Anxin Code Guard https://codesafe.qianxin.com".