ExplodingCan - A vulnerability review

A few months ago, my colleagues over at Secarma released a review of ExplodingCan, one of the many exploits released as part of the ShadowBrokers dump. At the time I was asked to complete a review of the vulnerability, specifically how this affected a vulnerable server and if anything could be done to protect users. My analysis of the vulnerability can now be found over at Secarma Labs: Enjoy :)…


Foomatic-RIP (CVE-2015-8560)

Just a quick writeup today: recently I uncovered an issue in the Foomatic-RIP package. The bug can be found within the "filter/foomatic-rip/util.c" source and is due to the blacklist used within the following line: const char* shellescapes = "|&!$\'\"`#*?()[]{}"; This blacklist is used to sanitise (backslash-escape) characters in arguments that are later passed to the libc system() call. It seems that this blacklist is missing the ; character, which means that if we can influence an argument passed to foomatic-rip which is later passed to a shell command, we can potentially execute arbitrary commands. For example, on li…
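To make the gap in the blacklist concrete, here is an added example (my own code, not foomatic-rip's): a backslash-escaping sanitiser driven by the exact character list quoted above, beside a hardened list that additionally covers ";", newline, "<", ">" and backslash (that hardened list is my assumption for illustration, not necessarily the upstream fix). The "lp -d" command is a stand-in for whatever foomatic-rip really runs, and the printer name is a constructed input. Nothing here calls system(); the check only reports whether the built command line still contains a separator the shell would honour.

```c
#include <stdio.h>
#include <string.h>

/* Blacklist exactly as quoted in the post: every character in this string
 * gets a backslash in front of it before the argument reaches system().
 * Note that ';' (and newline) are absent. */
static const char *shellescapes_vuln = "|&!$\'\"`#*?()[]{}";

/* Hardened blacklist. Assumption for illustration, not necessarily the
 * upstream fix: adds ';', newline, '<', '>' and backslash itself. */
static const char *shellescapes_fixed = "|&!$\'\"`#*?()[]{};\n<>\\";

/* Escape src into dst using the given blacklist, the way a
 * backslash-escaping sanitiser would. dst should hold at least
 * 2 * strlen(src) + 1 bytes; longer input is truncated safely. */
char *shell_escape(char *dst, size_t dstlen, const char *src, const char *escapes)
{
    size_t j = 0;
    for (const char *p = src; *p != '\0'; p++) {
        int needs_escape = strchr(escapes, (unsigned char)*p) != NULL;
        if (j + (needs_escape ? 2 : 1) >= dstlen)
            break;                          /* no room for char + NUL */
        if (needs_escape)
            dst[j++] = '\\';
        dst[j++] = *p;
    }
    dst[j] = '\0';
    return dst;
}

/* Returns 1 if the escaped string still contains a command separator
 * (';' or newline) that /bin/sh would honour, i.e. one not preceded by
 * a backslash; 0 otherwise. */
int has_unescaped_separator(const char *escaped)
{
    for (const char *p = escaped; *p != '\0'; p++) {
        if (*p == '\\') {
            if (p[1] == '\0')
                break;
            p++;                            /* skip the escaped character */
            continue;
        }
        if (*p == ';' || *p == '\n')
            return 1;
    }
    return 0;
}

/* Builds the command line a caller would hand to system() from an
 * attacker-influenced printer name. "lp -d" is a stand-in command.
 * Returns 1 if the result would run more than one command. */
int build_and_check(char *cmd, size_t cmdlen, const char *printer, const char *escapes)
{
    char esc[256];
    shell_escape(esc, sizeof esc, printer, escapes);
    snprintf(cmd, cmdlen, "lp -d %s", esc);
    return has_unescaped_separator(cmd);
}

int main(void)
{
    char cmd[512];
    const char *evil = "myprinter; id > /tmp/pwned";   /* constructed input */

    int v = build_and_check(cmd, sizeof cmd, evil, shellescapes_vuln);
    printf("vulnerable blacklist: %s  (injected: %s)\n", cmd, v ? "yes" : "no");

    int f = build_and_check(cmd, sizeof cmd, evil, shellescapes_fixed);
    printf("hardened blacklist:   %s  (injected: %s)\n", cmd, f ? "yes" : "no");
    return 0;
}
```

With the quoted list the ";" survives untouched and the built line is two commands; with the extended list it arrives at the shell as "\;" and becomes a literal argument. Adding characters to a blacklist is the minimal fix, but the more robust design is to avoid the shell entirely (execve with an argv array) or to whitelist the characters a printer name may legitimately contain.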
