Emanuele Cozzi - Uncursing the ncurses

  • Published: 19 Oct 2024
  • Presented on Thursday 14th September 2023 at 44CON 2023
    We discovered a set of memory corruption vulnerabilities in ncurses, identified as CVE-2023-29491 and fixed in ncurses v.6.4 commit 20230408. Their impact ranges from memory leaks or denial of service (DoS) to privilege escalation and arbitrary code execution. One example of a possible privileged target is "top" on macOS, which is a suid binary.
    Ncurses is a library for developing text-based user interface (TUI) programs for terminal emulators, available for various operating systems such as Linux, the BSDs and macOS. First released in 1993, 30 years ago, ncurses is still widely used and actively maintained.
    In this talk we will present our journey: how we selected ncurses for scrutiny, its history, what terminal databases and the terminfo format are, and how we triggered the vulnerabilities starting from a single environment variable.
    Emanuele Cozzi:
    Emanuele is a Security Researcher in Microsoft Defender focusing on Linux and Linux malware. Prior to joining Microsoft, Emanuele obtained a PhD on binary analysis for Linux and IoT malware at the Software and System Security group of Eurecom (France). Emanuele loves to play with both defense and attack, and his research interests lie in exploring new static and dynamic analysis techniques for binary analysis, OS internals and reversing unfriendly binaries.
