php – About vulnerability in the dependency

php – About vulnerability in the dependency – Information Security Stack Exchange

microservices – Error code prefixes specific to specific micro services a vulnerability?

If your microservice architecture responds with error codes revealing which microservice had an error, doesn’t this reveal to the caller information on how your microservice architecture is designed?

Caller -> Service A -> Service B -> Service B error

Error codes:
ServiceA-000001
ServiceB-000001
ServiceC-000001

So if I send a request to A I know it talks to B and somehow I learn I can exploit this chain.

So shouldn’t our error codes be completely obscure to what microservice failed?

The question is sorta confirming my suspicion, but what are pros, cons and arguments to support this?
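One concrete way to weigh the trade-off raised in the question is to keep the service-prefixed codes for internal logging but hand the caller only a generic code plus an opaque reference that ties the two together. The Go program below is an added illustration, not code from the question: the `ServiceError` type, the `serviceA`/`serviceB` chain, the `UPSTREAM_FAILURE` code and the `sanitize` helper are all constructed for this example. It shows the leaky response next to the sanitized one and checks which of the two names an internal service.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
	"strings"
)

// ServiceError is the internal error shape from the question: a code prefixed
// with the name of the service that failed (constructed example type).
type ServiceError struct {
	Service string // e.g. "ServiceB"
	Code    string // e.g. "000001"
	Err     error
}

func (e *ServiceError) Error() string {
	return fmt.Sprintf("%s-%s: %v", e.Service, e.Code, e.Err)
}

func (e *ServiceError) Unwrap() error { return e.Err }

// internalServices is what an external caller should not be able to learn.
var internalServices = []string{"ServiceA", "ServiceB", "ServiceC"}

// serviceB and serviceA stand in for the chain Caller -> A -> B.
func serviceB(item string) error {
	if item == "bad" {
		return &ServiceError{Service: "ServiceB", Code: "000001", Err: errors.New("lookup failed")}
	}
	return nil
}

func serviceA(item string) error {
	if err := serviceB(item); err != nil {
		// A wraps B's error; the whole chain stays visible through Unwrap.
		return fmt.Errorf("ServiceA-000001: calling B: %w", err)
	}
	return nil
}

// PublicError is the only thing the external caller receives.
type PublicError struct {
	Code      string `json:"code"`
	Reference string `json:"reference"`
}

// leakyBody is the response the question worries about: the internal error
// string, service prefixes included, returned straight to the caller.
func leakyBody(err error) string { return err.Error() }

// newReference returns a random opaque id that links the public response to
// the internal log line; it says nothing about which service failed.
func newReference() string {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// sanitize logs the full internal error (the originating service is recovered
// with errors.As) under a reference id and returns a topology-free body.
func sanitize(err error, logf func(format string, args ...any)) PublicError {
	ref := newReference()
	var se *ServiceError
	if errors.As(err, &se) {
		logf("ref=%s service=%s code=%s err=%v", ref, se.Service, se.Code, err)
	} else {
		logf("ref=%s err=%v", ref, err)
	}
	return PublicError{Code: "UPSTREAM_FAILURE", Reference: ref}
}

// revealsTopology reports whether a response body names any internal service.
func revealsTopology(body string) bool {
	for _, s := range internalServices {
		if strings.Contains(body, s) {
			return true
		}
	}
	return false
}

func main() {
	err := serviceA("bad")
	fmt.Println("leaky:    ", leakyBody(err), "| reveals topology:", revealsTopology(leakyBody(err)))
	pe := sanitize(err, log.Printf)
	body := fmt.Sprintf("%s %s", pe.Code, pe.Reference)
	fmt.Println("sanitized:", body, "| reveals topology:", revealsTopology(body))
}
```

The operator keeps full debuggability: a caller reports the reference, and the log line under that reference names the service and code. The caller learns only that an upstream call failed, which is the "con" side of the question (less self-service diagnosis for API consumers) traded for not mapping the call graph.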

vulnerability – Differentiating bugs from vulnerabilities and extracting vulnerabilities from GitHub issue reports

I am performing an empirical study on deep learning libraries and have therefore collected issue reports for these deep learning libraries from GitHub: PyTorch, Keras, Caffe, scikit-learn, Apache MXNet, TensorFlow.

I have used these keywords to extract the bug reports as I have found that these appear often in actual CVEs.

  1. Buffer overflow – stack overflow, heap overflow, buffer overflow
  2. Integer overflow – integer overflow, underflow
  3. Out of bounds access – OOB, out-of-bounds
  4. Segmentation fault – segfault, segmentation fault
  5. Denial of Service – DOS, crash (only one that works)
  6. Memory/Data corruption – memory corruption, data corruption
  7. Type confusion – type confusion
  8. Division by zero – divide by zero, division by zero
  9. Incomplete validation – validation, incomplete validation, invalid validation
  10. Null pointer dereference – null pointer, nullptr
  11. Data leak – data leak, memory leak
  12. Integer truncation – truncation

However, only Tensorflow has a detailed CVE database and the rest have no CVEs or vulnerability reports. I have been informed by my supervisor that I will need to draw a clear distinction between bugs and vulnerabilities and I have been asked to do some research on how to differentiate bugs from vulnerabilities and how to determine if a bug report is a vulnerability.

I would like to ask for help and advice on how to do so.

The ideas that I currently have to determine if a bug report is a vulnerability are:

  1. See if the bug report is exploitable by people

  2. See if there are code fixes for the bug report – I have been advised to check if a bug report has a fix, as it may be exploitable by people.

If you would like to see the dataset that I have, feel free to DM me.

If anyone has any advice, research papers, or ideas on how to differentiate bugs from vulnerabilities, please feel free!

vulnerability – Mimicking TOCTOU in Go

I’m trying to simulate a race condition in Go to replicate a time-of-check time-of-use vulnerability (https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use). The code below takes in a user-provided fruit and searches for it in an array. If the fruit is found it returns the name of the fruit:

package main

// check looks the user-provided fruit up in a fixed list and returns the
// fruit's name when it is found.
func check(fruit string) string {
    fruits := []string{"apple", "banana", "orange", "peach"}

    found := make(chan bool)
    go func() {
        found <- contains(fruits, fruit)
    }()

    if f := <-found; f {
        return fruit
    }
    return "Not found"
}

// Check if fruit belongs to fruits slice.
func contains(fruits []string, fruit string) bool {
    for i := range fruits {
        if fruits[i] == fruit {
            return true
        }
    }
    return false
}

Test:

package main

import (
    "testing"
)

func TestCheck(t *testing.T) {
    fruits := []string{"starfruit", "apple"}

    for _, fruit := range fruits {
        res := check(fruit)
        if res != "apple" {
            t.Errorf("got: %s, want: %s", res, "apple")
        }
    }
}

Essentially, I’d like the test to FAIL – e.g. it manages to return “starfruit” 100% of the time with the vulnerability unpatched. What would be the best way to do this? I’m unsure the best way of demonstrating it with my current test.
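A time-of-check/time-of-use bug needs shared mutable state that is read once for the check and read again for the use; the question's code reads the fruit only once, so there is no gap for a second goroutine to exploit. The program below is an added example, not the question's code: the `Request` type, the `between` hook and the `swapName` helper are constructed for it. `checkThenUseRacy` re-reads the name after the allow-list check, so a write in the gap gets through every time; `checkThenUseSafe` checks and uses one snapshot. The hook is what makes a test fail deterministically instead of relying on scheduling luck.

```go
package main

import (
	"fmt"
	"sync"
)

// Request holds a user-supplied fruit name. The pointer is shared, so another
// goroutine can change Name while the request is being handled (constructed
// example type).
type Request struct {
	mu   sync.Mutex
	Name string
}

var fruits = []string{"apple", "banana", "orange", "peach"}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// checkThenUseRacy reads req.Name once to check it and again to use it.
// Each read is locked, so the race detector stays quiet, yet the allow-list
// check protects nothing: whatever Name holds at the second read is returned.
// between is a hook that lets a test place a write in the check/use gap; in
// production that gap is filled by ordinary goroutine scheduling.
func checkThenUseRacy(req *Request, between func()) string {
	req.mu.Lock()
	ok := contains(fruits, req.Name) // time of check
	req.mu.Unlock()
	if !ok {
		return "Not found"
	}
	between()
	req.mu.Lock()
	name := req.Name // time of use: a fresh read of shared state
	req.mu.Unlock()
	return name
}

// checkThenUseSafe takes one snapshot and both checks and uses that snapshot,
// so a concurrent write can no longer slip between the two steps.
func checkThenUseSafe(req *Request, between func()) string {
	req.mu.Lock()
	name := req.Name
	req.mu.Unlock()
	if !contains(fruits, name) {
		return "Not found"
	}
	between()
	return name
}

// swapName returns a function that overwrites req.Name, standing in for the
// concurrent writer that happens to run inside the check/use gap.
func swapName(req *Request, to string) func() {
	return func() {
		req.mu.Lock()
		req.Name = to
		req.mu.Unlock()
	}
}

func main() {
	r := &Request{Name: "apple"}
	fmt.Println("racy:", checkThenUseRacy(r, swapName(r, "starfruit"))) // starfruit
	r = &Request{Name: "apple"}
	fmt.Println("safe:", checkThenUseSafe(r, swapName(r, "starfruit"))) // apple
}
```

Run with `go test -race` as well: the racy version passes the race detector because every individual access is locked, which is exactly why TOCTOU bugs survive code that "uses a mutex". The fix is not more locking around each read but checking and using the same value.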

encryption – bc-fips-1.0.1 security vulnerability, CVE-2018-1000180 and CVE-2020-26939

With bc-fips-1.0.1 there are the security vulnerabilities below.

What are the impacts of those two CVEs? Are these risks very critical?

Both are fixed in bc-fips-1.0.2, but this version degrades performance if the system is running with low entropy (/proc/sys/kernel/random/entropy_avail).

P.S: I’m new to crypto domain, please try to answer in layperson’s terms.

Is it good practice to disable firewall rules for vulnerability scanners?

I’ve been asked to ensure that our vulnerability scanning tools (like Qualys, Nexpose) are able to reach all of our AWS EC2 instances, on all ports and protocols.

Today they are limited by the current security groups (which generally allow either no traffic, or well-defined protocols such as HTTPS). We could implement a new security group scope to the CIDR range in which the vulnerability scanning engines reside, allowing the range unfettered access.

I don’t believe this is a good idea. Is there any official, written guidance (by a well-respected authority) making the case one way or the other, for disabling network, port and protocol filtering to allow vulnerability scanners full access?

dnd 5e – What class/racial abilities or spells cause vulnerability in other creatures?

I am looking for ways to cause my opponents to be vulnerable to the damage I deal in combat.

I am not interested in ignoring resistance, I am only looking to cause the vulnerability condition.
Ideally I would like it to apply to any damage type I am dealing in the moment, however at this point any type of vulnerability will do, as I have not found any on my own.

What are some of the spells, class/racial abilities or magic items that create this condition in others? Official WotC content only please (no Unearthed Arcana).

Manually Validating Vulnerabilities from a Vulnerability Scan

I just wanted to get your input on how you manually validate vulnerabilities from a vulnerability scan or a vulnerability release from a vendor. Say you received a report with a high vulnerability, where the vulnerability scanner used a version check of the header. If there are no public exploits for this vulnerability, how would you check it if you do not have access to the server internally? An example would be CVE-2019-13917; I can't seem to find a public exploit to throw at the server to validate the vulnerability, and my last resort would be to send it to the IT team responsible. Is this the right approach? – if there are no public exploits, the only other way is to create yourself an exploit by reverse engineering the patch from the vendor…

I have been given a report from Shodan Vulnerability scanner, which seems to do a version check and need to validate if the vulnerabilities are actually an issue.

I know that version checking is prone to a large number of false positives; is there any way around this?

Regards
Brad
