Exploring the New World : Remote Exploitation of SQLite and Curl

Conference:  BlackHat USA 2019

2019-08-08

Summary

The presentation covers the discovery of security vulnerabilities in SQLite and Curl and the importance of implementing defense-in-depth mechanisms to improve security.
  • The presentation introduces the main research: security vulnerabilities in SQLite and Curl.
  • The presentation describes the process of discovering the SQLite and Curl vulnerabilities through manual auditing and fuzzing.
  • The presentation explains how these vulnerabilities are exploited to build working remote exploits.
  • The presentation emphasizes the importance of implementing defense-in-depth mechanisms to improve security.
  • The presentation provides security advice for software developers.
The presentation discusses the discovery of a vulnerability in the shadow tables used by SQLite, as shipped in the Chromium project. Because the contents of a shadow table are trusted by the library, an attacker who can write to one can trigger memory corruption and exploit it to gain access to sensitive information. The presentation also gives an anecdote about PHP code that attackers could use to leak process memory to a remote server.

Abstract

Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software products. We exploited these vulnerabilities to break into some of the most popular Internet of Things devices (including Google Home with Chrome), one of the most widely used web server stacks (Apache+PHP) and one of the most commonly used developer tools (Git). In this presentation, we will share new methods to discover vulnerabilities in SQLite and Curl through fuzzing and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite (CVE-2018-20346, CVE-2018-20505 and CVE-2018-20506). We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl (CVE-2018-16890 and CVE-2019-3822). Considering that these vulnerabilities affect many systems and software products, we issued a vulnerability alert to notify the affected vendors so they could fix them. We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will analyze how to use Magellan to complete the first public remote exploit of Google Home. In the second part, we will talk about how to use Dias to complete remote attacks on Apache+PHP and Git. Finally, we will summarize our research and provide some secure development advice to the developers of basic software libraries.
