Blog

Random insights of our daily work

security

sigma-star-sa-2024-001: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92 (CVE-2024-45751)

The user-space iSCSI target daemon of the Linux target framework (tgt) uses an insecure random number generator to generate CHAP authentication challenges. This results in predictable challenges which an attacker capable of recording network traffic between iSCSI target and initiator can abuse to bypass CHAP authentication by replaying previous responses.

07.09.2024
security

Thoughts on Linux CNA's Approach and the Resulting CVE Flood

Recently, the Linux Kernel Project attained the status of a CNA (CVE Numbering Authority), granting it the capability to independently issue CVEs (Common Vulnerabilities and Exposures). While this development may not appear groundbreaking on its own, the substantial increase in the number of newly assigned CVEs has captured the attention of many individuals. I've received numerous inquiries from people seeking clarification on the situation surrounding the Linux CNA and expressing concern about the apparent surge in the issuance of CVE numbers for almost every non-trivial patch applied to the maintained stable kernel trees.

13.03.2024
security

Pseudo Graceful Process Termination through Code Injection

This blog post outlines the utilization of code injection to create a tool capable of gracefully terminating any program, setting its exit code to 0.

25.02.2024
embedded

A Time Consuming Pitfall for 32-bit Applications on AArch64

When running legacy applications on AArch64, an interesting pitfall can arise.

14.02.2024
linux

Investigating Paranormal Shell Activities

Recently, while attending a conference, I observed an unusual occurrence in my terminal emulator: terminal tab windows were getting highlighted without any apparent notification within the shell session. Time to unpack our trusty debugging tools to uncover the mystery of these activities.

17.11.2023
linux

Analyzing Packet Drops Without Tooling: Or ftrace the Pure Way

Linux offers a lot of tools to understand internals. Today we'll analyze the network stack with zero tools installed.

02.11.2023
security

No Love for Negative Permissions

Negative permissions have always been bad practice; with the help of container tooling they can be bypassed, too.

31.08.2023
cryptography

CVE-2023-31147: Insufficient randomness for DNS query identifiers in c-ares

We've been part of a team that audited c-ares. This is a writeup of how we discovered that DNS query identifiers generated by c-ares are not always properly random, which led to CVE-2023-31147.

22.08.2023
linux

Let's Embed a Go Program into the Linux Kernel

Today, we would like to present a lesser-known feature of the Linux kernel. Instead of launching a program from a file system, regardless of whether it's virtual or not, it is also possible to embed a user-space program directly into the kernel image itself and start it from there.

21.07.2023
sigma-star

Embedded Open Source Summit 2023 in Prague

The Embedded Open Source Summit in Prague offered valuable insights and connections for our company, focusing on Linux and security, as our first major conference since the pandemic.

03.07.2023
security

Who's your canary?

Stack canaries are a common security feature to mitigate buffer overflows. However, the canary value is generated differently in every libc implementation, which has security implications.

30.05.2023
security

Restricting network access using Linux Network Namespaces

Our last blog post on Linux mount namespaces explored ways to restrict access to the file system. In this post we'll show how to restrict access to the network.

07.05.2023
sigma-star

Too many CPUs to build

Lately we've been facing strange build errors on one of our build servers. The root cause was quite surprising.

09.04.2023
security

Restricting file system access using Linux Mount Namespaces

Linux offers a variety of mechanisms to confine a process, one of which is namespaces. Today they are mostly used as the foundation for Linux containers. In this blog post we'll demonstrate how namespaces can be used to restrict access to the file system for a given process and all its children.

18.03.2023
sigma-star

Training: Kernel Internals for Linux Admins

Understanding certain kernel internals is useful not only for people who intend to develop kernel-related software.

13.12.2022
security

Securely booting x86 using Heads

An overview of x86 firmware security and Heads, a project aiming to gain more trust in the boot process.

10.11.2022

Get in touch

+43 5 9980 400 00 (email preferred)

sigma star gmbh
Eduard-Bodem-Gasse 6, 1st floor
6020 Innsbruck | Austria
