Tagged "Vulnerability"

Assessing Modern Operating Systems' IPv6 Fragmentation Handling

IPv6 is the next (current?) generation Internet protocol. It has been designed to overcome many limitations of IPv4 and to fix some of its issues and weaknesses. Nevertheless, IPv6 fragmentation has in the past presented many vulnerabilities similar to the IPv4 ones, and new testing models were introduced to check for the presence of such problems.

In this work, we demonstrate that IPv6 fragmentation issues are still present today in operating systems because of the weakness of the model used to test their compliance. We also propose a new model that overcomes these limitations.

CVE-2023-41570: Access Control vulnerability in MikroTik REST API

Recently, Mikrotik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

CVE-2023-4809: FreeBSD pf bypass when using IPv6

A few months ago, as part of our investigations on IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls in particular conditions. Let’s see some details of this vulnerability.

Security assessment of common open source MQTT brokers and clients

Many hobbyists and professionals use common MQTT brokers and libraries, like “Mosquitto”, in their projects. We asked ourselves: are these implementations “safe”? Is there any security issue we can exploit?

Windows API - Information disclosure / covert channel

I use open-source software every day. And I try to contribute as much as I can.

However, sometimes weird things happen when writing OSS code. Like finding a security bug in closed-source software.

DoS (and possible MITM) in Cisco VPN 3000 Concentrator

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2. You need valid credentials. Apparently there is no workaround or fix. It’s EOL, so you may want to change it :-)

IPv6 link-local and VPS-cloud services: a hidden threat?

Like many IT folks, I have my own VPS (for instance, this website is running on it). I use this virtual server mainly to host my blog and some other websites that I own. The main reason why I use a "server" (and not a "hosting solution") is that, in this case, I have complete access to the machine. I like to be able to customize my services from top to bottom, even if it's a simple blog.

Too much confidence in user input: the Gemtek WLTXFSQ-102N case

Yesterday I was taking a break from studying for my next exam. I had a few minutes of free time, so I decided to spend that time going around inside the web interface of the Gemtek WiMax/4G router that my ISP installed here. I had a "guest" account, as specified in the router's manual.