all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Readline crime: exploiting a SUID logic bug

Add to bookmarks
Feb. 16, 2023, 1 p.m. | Trail of Bits

Trail of Bits Blog blog.trailofbits.com

By roddux // Rory M I discovered a logic bug in the readline dependency partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to login, and the user’s private key is […]

attackers box bug crime dependency environment environment variable exploiting file information key linux logic login parsing private private key variable

Visit resource

More from blog.trailofbits.com / Trail of Bits Blog

5 reasons to strive for better disclosure processes 4 days, 20 hours ago | blog.trailofbits.com
blog bugs disclosure examples +6
Introducing Ruzzy, a coverage-guided Ruby fuzzer 3 weeks ago | blog.trailofbits.com
application security bits bugs code +16
Why fuzzing over formal verification? 4 weeks ago | blog.trailofbits.com
audits blockchain development fuzzing +3
Streamline your static analysis triage with SARIF Explorer 4 weeks, 2 days ago | blog.trailofbits.com
analysis audits explorer extension +8
Read code like a pro with our weAudit VSCode extension 1 month ago | blog.trailofbits.com
audits bugs code codebase +12
Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing 1 month ago | blog.trailofbits.com
addresses bits blockchain bugs +17
Secure your blockchain project from the start 1 month ago | blog.trailofbits.com
architectures blockchain can design +16
DARPA awards $1 million to Trail of Bits for AI Cyber Challenge 1 month, 1 week ago | blog.trailofbits.com
ai cyber challenge aixcc award awards +14
Out of the kernel, into the tokens 1 month, 1 week ago | blog.trailofbits.com
application applications application security audits +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cyber Security Architect - SR

@ ERCOT | Taylor, TX
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com

Associate Director, SIEM & Detection Engineering(remote)

@ Humana | Remote US
View on infosec-jobs.com

Senior DevSecOps Architect

@ Computacenter | Birmingham, GB, B37 7YS
View on infosec-jobs.com
View more jobs