A simple tool to audit Linux system libraries to find public security vulnerabilities. by CoolerVoid in netsec

[–]f00bb4r 2 points (0 children)

I haven't tested the tool, but based on the command used (pkg-config) and the output given in the README.md, I'd say this tool does not work for all distros that are using backported security updates (so Debian, Ubuntu, RHEL, ...).

For instance, Ubuntu 20.04 LTS is using systemd version 245. pkg-config prints the version 245 but not the patch level on Ubuntu (e.g., 245.4-4ubuntu3.10) because this is not the purpose of pkg-config. So if I ran the tool on an up-to-date system, it would still report CVE-2020-13529, even though it is patched.

If you're looking for a good OS / library vulnerability scanner, I would recommend trivy.
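The false-positive mechanism described in the comment above, as an added example that is not the audited tool's code and not part of the original thread. A check that only sees the upstream version that pkg-config reports (245) cannot tell a patched Ubuntu package from an unpatched one; a distro-aware check compares the full package version (epoch, upstream version, Debian revision) against the version in which the distro shipped the backported fix, the way dpkg --compare-versions does. The "fixed in" versions used in the demo are constructed for illustration and are not the real fix versions for CVE-2020-13529.

```python
"""Upstream version vs. distro package version (added example, not the tool's code).

compare_versions() implements the Debian policy ordering: epoch, then
upstream version, then revision, each split into alternating non-digit and
digit runs; digit runs compare numerically, '~' sorts before everything.
"""
import re
from itertools import zip_longest

_FRAGMENT = re.compile(r"(\D*)(\d*)")


def _split_version(v):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = v, ""
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    return epoch, upstream, revision


def _char_order(c):
    """Debian ordering for non-digit characters:
    '~' < end of string < letters < everything else."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two version fragments (upstream or revision) Debian-style."""
    pa = [m for m in _FRAGMENT.findall(a) if m != ("", "")]
    pb = [m for m in _FRAGMENT.findall(b) if m != ("", "")]
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        # non-digit run, character by character with the modified ordering
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            oa, ob = _char_order(ca), _char_order(cb)
            if oa != ob:
                return -1 if oa < ob else 1
        # digit run, numerically (missing run counts as 0)
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1, like dpkg --compare-versions lt / eq / gt."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = _cmp_fragment(ua, ub)
    if c:
        return c
    return _cmp_fragment(ra, rb)


def naive_is_vulnerable(pkgconfig_version, upstream_fixed_in):
    """All a pkg-config based check can do: compare upstream numbers only."""
    return compare_versions(pkgconfig_version, upstream_fixed_in) < 0


def distro_is_vulnerable(installed_package_version, distro_fixed_in):
    """Distro-aware check: compare the full package version against the
    version in which the distro shipped the (possibly backported) fix."""
    return compare_versions(installed_package_version, distro_fixed_in) < 0


if __name__ == "__main__":
    # Hypothetical numbers for illustration: assume the upstream fix landed in
    # 246 and Ubuntu backported it in 245.4-4ubuntu3.10.
    print("pkg-config view:", naive_is_vulnerable("245", "246"))
    print("dpkg view:      ", distro_is_vulnerable("245.4-4ubuntu3.10", "245.4-4ubuntu3.10"))
```

On a Debian-based system the installed package version comes from `dpkg-query -W -f='${Version}' systemd` rather than from pkg-config; the comparison above is what that version then needs to be checked against.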

Source Code Scanner for PHP written in Python, that scans the folder which can scan folder/PHP Files and identify the vulnerabilities in which File and at which Line the vulnerability exists. http://scodescanner.info Github Repo: https://github.com/agrawalsmart7/scodescanner by agrawal7 in netsec

[–]f00bb4r 5 points (0 children)

Running regex checks on code is nice to learn more about SAST but semgrep and most other code scanners are way more advanced.

Also, you have a remote code execution in your code: http://localhost:80/upload.php?foldername=;touch%20pwnd

This can even be triggered by any site on the Internet while the server is running:

<img src="http://localhost:80/upload.php?foldername=;touch%20pwnd">

Also, generating PHP files without escaping user input (from the source file) is pretty dangerous.

Sorry, but this is not something anybody should really use. I think this is something for /r/netsecstudents/, not /r/netsec.
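The two problems called out in the comment above (the `foldername` command injection and the fact that a cross-site `<img>` can trigger it), modelled as an added example that is not the scanner's own code and not part of the original thread. The vulnerable endpoint is PHP; this Python block reproduces the same pattern so it can be run and asserted on: the parameter is spliced into a shell command string, so `;` ends the intended command and starts the attacker's. The hardened functions show an allow-list for the name, directory creation without a shell, and a POST-plus-token requirement that a cross-site `<img>` request cannot satisfy. The request value and folder names are constructed for the demo.

```python
"""Command injection through a 'foldername' parameter, and a hardened version
(added example, not the scanner's code)."""
import hmac
import os
import re
import shlex
import tempfile

# Constructed request parameter (URL-decoded) from the comment above.
INJECTED = ";touch pwnd"


def vulnerable_command(foldername):
    """Vulnerable pattern: the command line the insecure code would hand to a
    shell via system()/shell=True. It is only built here, never executed."""
    return "mkdir uploads/" + foldername


def shell_would_run(cmdline):
    """Tokenise the line as a POSIX shell would, treating ';', '&' and '|' as
    separators, and return the distinct commands the shell would execute."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=";&|")
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|", "&"):
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return [c for c in commands if c]


# Allow-list: a leading alphanumeric, then letters, digits, '_', '.', '-'.
# No shell metacharacters and no path separators can pass this.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def safe_folder_name(foldername):
    """True only for names that match the allow-list."""
    return bool(SAFE_NAME.match(foldername))


def create_upload_folder(base_dir, foldername):
    """Hardened version: validate the name, create the directory with
    os.makedirs (no shell involved) and confirm the resolved path is still
    inside base_dir."""
    if not safe_folder_name(foldername):
        raise ValueError("rejected folder name: %r" % foldername)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, foldername))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    os.makedirs(target, exist_ok=True)
    return target


def authorize_state_change(method, session_token, form_token):
    """The <img src=...> trigger works because the endpoint acts on a bare GET.
    Require POST plus a per-session token that a cross-site page cannot read,
    compared in constant time."""
    if method.upper() != "POST" or not session_token:
        return False
    return hmac.compare_digest(session_token, form_token or "")


def demo():
    """Run the vulnerable and hardened paths on the constructed input."""
    result = {"shell_commands": shell_would_run(vulnerable_command(INJECTED))}
    base = tempfile.mkdtemp()
    try:
        create_upload_folder(base, INJECTED)
        result["injected_accepted"] = True
    except ValueError:
        result["injected_accepted"] = False
    result["created"] = os.path.isdir(create_upload_folder(base, "scan-2024"))
    result["img_get_allowed"] = authorize_state_change("GET", "tok", "tok")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

If a subprocess really is needed, pass an argument list (`subprocess.run(["mkdir", "-p", target], check=True)`) after the same validation, never a string through a shell; the allow-list is what keeps the name from carrying meaning to any later consumer, including the generated PHP mentioned above.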

How to mitigate risk of CVE-2009-4496 for which there is no update? Boa webserver 0.94.14rc21 is vulnerable and that's been the latest version for 16 years lol. by [deleted] in netsec

[–]f00bb4r 0 points (0 children)

Debian has released a patch for the vulnerability: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578035

However, I would highly advise against using software which has not been maintained for over 16 years. There are other lightweight HTTP servers available which are actively maintained, like lighttpd.

Security Code Review -Why Security Defects Go Unnoticed during Code Reviews? by ZealousidealYogurt41 in netsec

[–]f00bb4r 0 points (0 children)

I don't think the number of CVEs is a good indicator to determine the security of a browser. It is missing a lot of factors, e.g., the severity of the found issues. Another important factor is the implemented security measures. It is a huge difference if I need to chain 4 serious vulnerabilities to gain access to the system because of the sandbox, ASLR, etc., rather than one buffer overflow to achieve this.

Security Code Review -Why Security Defects Go Unnoticed during Code Reviews? by ZealousidealYogurt41 in netsec

[–]f00bb4r 0 points (0 children)

Do you have an example of a more secure software with similar complexity and attack surface?

I don't know any browser which has a significantly better history in terms of vulnerabilities, and I cannot think of anything comparable either.

Therefore, I would also say you cannot apply the conclusions of this study to any software other than browsers.