Skip to content

PoCs of security issues that I've reported

Notifications You must be signed in to change notification settings

tbarabosch/pocs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PoCs

This repository contains dumps of PoCs of security issues that I've reported. Some may have a proper write-up, some may have actual code, some may have just a binary that triggers a bug. Since the bugs should be fixed by now the PoCs should not do any harm. They should serve as examples for other (white-hat) hackers and folks that wish to study security bugs.

List of Security Issues

This repository does only contain PoCs for issues I consider most interesting. For instance, I reported dozens of (kernel) security bugs to BSD-based projects that are not listed here. FreshBSD lists all commits to FreeBSD, OpenBSD, and NetBSD that reference my name.

A Word On Responsible Disclosure

I followed a responsible disclosure approach, i.e. giving the organizations the time that they needed to fix issues. Hence, most of the bugs should be fixed by now.

Unfortunately, one organization stopped answering my mails, fixed dozens of kernel memory disclosures on their repo's HEAD but did not backport them (i.e. leaving their users vulnerable), and did not file any CVE for bugs for which they should (according to their security advisory strategy). Whether it is the lacking manpower or it is their lack of intrest in security issues, those who wanted to abuse these bugs could have done it during the last months (just by tracking their repo's HEAD). This definitly does not motivate white-hat hackers to continue helping out such projects.

Releases

No releases published

Packages

No packages published

Languages