Articles with tag: Race Condition
POSTED BY: Brian McDermott / 15.06.2023

Race condition in key creation and key rotation exposes private keys of Tang server

CENSUS ID:CENSUS-2023-0002
CVE ID:CVE-2023-1672
Affected Products:Tang versions prior to 14
Class:Insecure Inherited Permissions (CWE-277)
Discovered by:Brian McDermott

The Tang open source software is used to bind data to network presence. It is commonly used along with Clevis clients to provide for unattended LUKS decryption of server storage volumes within the realms of a network, where a trusted Tang server is situated. CENSUS identified that the Tang software in versions 11, 12 and 13 (and possibly previous versions) is vulnerable to a form of race condition, where the Tang private keys become exposed for a small time window to other users on the same host. The issue is tracked as CVE-2023-1672. Users are recommended to upgrade to Tang version 14 where the issue has been sufficiently addressed.


POSTED BY: Nikolaos Naziridis / 06.11.2014

Using SystemTap to determine the exploitability of unbound memory overflows

Hello, my name is Nikos Naziridis and I am a security researcher at CENSUS. In this post, I will present how SystemTap and kernel instrumentation in general, could be used to aid the process of determining the exploitability of unbound memory overflows and the detection of thread race condition bugs.