Aggregator
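Applications of the Quake Cyberspace Mapping System in Red-Blue Team Exercises
Analysis of an APT-C-09 (摩诃草) Attack Campaign Using Pakistan's Federal Board of Revenue as a Lure
Guidelines on the Calculation of GDPR Administrative Fines: A Methodology for Harmonised Fine Calculation
PE File Structure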
Response to IGIS report on GCSB hosting of a foreign capability
The Government Communications Security Bureau (GCSB) accepts the recommendations of the Inspector General of Intelligence and Security (IGIS) report into the GCSB’s previous hosting of a foreign capability.
Pwn2Own Vancouver 2024 - Day One Results
Welcome to the first day of Pwn2Own Vancouver 2024! We have two amazing days of research planned, including every browser, SharePoint, and Tesla. We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Pacific Daylight Time (GMT -7:00).
And we’re done with Day One of Pwn2Own Vancouver 2024. We awarded $732,500 USD for 19 unique 0-days. See below for the details of each event. Here are the Master of Pwn standings after the first day:
SUCCESS - AbdulAziz Hariri of Haboob SA was able to execute their code execution attack against Adobe Reader. He combined an API Restriction Bypass and a Command Injection bug. He earns himself $50,000 and 5 Master of Pwn points.
SUCCESS - The DEVCORE Research Team was able to execute their LPE attack against Windows 11. They combined a couple of bugs, including a somewhat risky TOCTOU race condition. They earn $30,000 and 3 Master of Pwn points.
FAILURE - The STAR Labs SG team was unable to get their exploit of Microsoft SharePoint working within the time allotted.
SUCCESS - Seunghyun Lee (@0x10n) of KAIST Hacking Lab was able to execute their exploit of the Google Chrome web browser using a single UAF bug. They earn $60,000 and 6 Master of Pwn points.
SUCCESS - Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) from Theori (@theori_io) combined an uninitialized variable bug, a UAF, and a heap-based buffer overflow to escape VMware Workstation and then execute code as SYSTEM on the host Windows OS. This impressive feat earns them $130,000 and 13 Master of Pwn points.
BUG COLLISION - The DEVCORE Team was able to execute their LPE attack against Ubuntu Linux. However, the bug they used was previously known. They still earn $10,000 and 1 Master of Pwn point.
SUCCESS - Bruno PUJOS and Corentin BAYET from REverse Tactics (@Reverse_Tactics) combined two Oracle VirtualBox bugs - including a buffer overflow - along with a Windows UAF to escape the guest OS and execute code as SYSTEM on the host OS. This fantastic research earns them $90,000 and 9 Master of Pwn points.
SUCCESS - The Synacktiv (@synacktiv) team used a single integer overflow to exploit the Tesla ECU with Vehicle (VEH) CAN BUS Control. They win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!).
SUCCESS - Kyle Zeng from ASU SEFCOM used an ever-tricky race condition to escalate privileges on Ubuntu Linux desktop. This earns him $20,000 and 20 Master of Pwn points.
SUCCESS - Cody Gallagher used a single OOB Write bug to exploit Oracle VirtualBox. His first ever Pwn2Own attempt results in him winning $20,000 (second round win) and 4 Master of Pwn points.
SUCCESS - Manfred Paul (@_manfp) gets RCE on the Apple Safari browser with an integer underflow bug plus a PAC bypass using a weakness in Apple Safari. He wins himself $60,000 and 6 Master of Pwn points.
FAILURE - STAR Labs SG could not get their exploit of VMware ESXi working within the time allotted.
SUCCESS - Dungdm (@_piers2) of Viettel Cyber Security used two bugs, including the ever-risky race condition, to exploit Oracle VirtualBox. As a round 3 winner, they receive $20,000 and 4 Master of Pwn points.
SUCCESS - Manfred Paul (@_manfp) executed a double-tap exploit on both Chrome and Edge browsers with the rare CWE-1284 Improper Validation of Specified Quantity in Input. His Round 2 win earns him $42,500 and 15 Master of Pwn points.
That’s a wrap on Day One of Pwn2Own Vancouver 2024. We awarded $732,500 for 19 unique bugs. Tune in tomorrow to see if Synacktiv can hold on to their Master of Pwn lead or if Manfred Paul is able to overtake them.
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains
CVE-2019-19726 OpenBSD dynamic loader Local Privilege Escalation Vulnerability
Kevin Stine Named Director of NIST’s Information Technology Laboratory
Rescoms rides waves of AceCryptor spam
Pwn2Own Vancouver 2024 - The Full Schedule
Welcome to Pwn2Own Vancouver 2024! This year’s event promises to be the largest-ever Vancouver event - both in terms of entries and potential prizes. If everything hits, we will end up paying out over $1,300,000 in cash and prizes - including a Tesla Model 3. We’ve got two full days of exciting competition ahead. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here.
The complete schedule for the contest is below (all times Pacific Daylight Time [UTC - 7:00]).
Note: All times subject to change
Day One
Wednesday, March 20 – 0930
AbdulAziz Hariri of Haboob SA targeting Adobe Reader in the Enterprise Applications category.
Wednesday, March 20 – 1000
DEVCORE Research Team targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Wednesday, March 20 – 1030
STAR Labs SG targeting Microsoft SharePoint in the Server category.
Wednesday, March 20 – 1100
Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Google Chrome in the Web Browser category.
Wednesday, March 20 – 1200
Theori targeting VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category.
Wednesday, March 20 – 1230
DEVCORE Research Team targeting Ubuntu Desktop in the Local Privilege Escalation category.
Wednesday, March 20 – 1300
Bruno PUJOS and Corentin BAYET from REverse Tactics (@Reverse_Tactics) targeting Oracle VirtualBox with an additional Windows Kernel LPE vulnerability in the Virtualization category.
Wednesday, March 20 – 1430
Synacktiv targeting Tesla ECU with Vehicle (VEH) CAN BUS Control in the Automotive category.
Wednesday, March 20 – 1500
Kyle Zeng from ASU SEFCOM targeting Ubuntu Desktop in the Local Privilege Escalation category.
Wednesday, March 20 – 1530
Cody Gallagher targeting Oracle VirtualBox in the Virtualization category.
Wednesday, March 20 – 1600
Manfred Paul (@_manfp) targeting Apple Safari in the Web Browser category.
Wednesday, March 20 – 1700
STAR Labs SG targeting VMware ESXi in the Virtualization category.
Wednesday, March 20 – 1800
Team Viettel targeting Oracle VirtualBox in the Virtualization category.
Wednesday, March 20 – 1830
Manfred Paul (@_manfp) targeting Google Chrome with Double Tap addon in the Web Browser category.
Day Two
Thursday, March 21 – 0930
Marcin Wiązowski targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1000
STAR Labs SG targeting VMware Workstation in the Virtualization category.
Thursday, March 21 – 1030
ColdEye targeting Oracle VirtualBox in the Virtualization category.
Thursday, March 21 – 1100
Manfred Paul (@_manfp) targeting Mozilla Firefox with Sandbox Escape in the Web Browser category.
Thursday, March 21 – 1200
Gabriel Kirkpatrick (gabe_k of exploits.forsale) targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1230
STAR Labs SG targeting Ubuntu Desktop in the Local Privilege Escalation category.
Thursday, March 21 – 1300
Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks targeting Google Chrome with Double Tap addon in the Web Browser category.
Thursday, March 21 – 1430
HackInside targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1500
STAR Labs SG targeting Docker Desktop in the Cloud Native / Container category.
Thursday, March 21 – 1530
Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Microsoft Edge (Chromium) with Double Tap Addon in the Web Browser category.
Thursday, March 21 – 1630
Valentina Palmiotti with IBM X-Force targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1700
Theori targeting Ubuntu Desktop in the Local Privilege Escalation category.
We’ll be publishing results live on the blog as the contest unfolds. We’ll also be posting brief video highlights to Twitter, YouTube, Mastodon, LinkedIn, and Instagram, so follow us on your favorite flavor of social media for the latest news from the event.
Joint guidance for executives and leaders of critical infrastructure organizations on protecting infrastructure and essential functions against PRC cyber activity
Starting from the Middle
ChatGPT Collaborative Development Log: A Programming Novice's Experiments and Exploration
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster
The post CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster appeared first on Rhino Security Labs.