101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl is the oldest Polish Mastodon server. We support posts of up to 2048 characters.

#upx

Patryk Krawaczyński
Packed ELFs – a red flag for a binary file on Linux ( https://nfsec.pl/security/6600 ) #linux #malware #upx #packer #security #twittermigration
https://www.youtube.com/watch?v=1M4ADcMn3dA

ꙮ liilliil 🇫🇯🇱🇨🇱🇧
#upx is a cool thing
For example, the #mc and #nano binaries compress by a factor of 2 without any problems
If you're not greedy, you can compress at the minimum level and gain in speed

Felix Palmen :freebsd: :c64:
@RL_Dane Oh, compressing executables still makes sense in *some* scenarios (relevant size reduction, not using a filesystem with transparent compression, "slow" storage media ...).
But then, #gzexe doesn't really cut it. It needs temporary files for decompression (spoiling most possible speed gains), and compression rates are mediocre. So *if* you have a use case for compressed executables, you'd better have a look at #upx, which achieves better rates and decompresses in-memory, in-place.

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:
Heap Buffer Overflow in UPX Identified

Date: March 26, 2024
CVE: To be assigned
Vulnerability Type: Buffer Errors
CWE: [[CWE-122]]
Sources: NIST (https://nvd.nist.gov/vuln/detail/CVE-2024-3209), VULNDB (https://vuldb.com/?ctiid.259055), VULNDB Submit (https://vuldb.com/?submit.304575)

Issue Summary
A heap buffer overflow vulnerability was identified in the [[UPX|Ultimate Packer for eXecutables]] (UPX), specifically in the commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d. This issue occurs during the handling of certain data structures, leading to potential memory corruption. The vulnerability was discovered through fuzzing techniques using the Google OSS-Fuzz project.

Technical Key findings
The vulnerability is caused by improper handling of input data, resulting in a heap buffer overflow. This overflow occurs in the handling of packed files during decompression, where the bounds of allocated heap memory are not properly checked.

Vulnerable products
- [[UPX]] version identified by commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d.

Impact assessment
An attacker could exploit this vulnerability to execute arbitrary code on the target system or cause a denial of service through application crash, potentially compromising the system's integrity and availability.

Patches or workaround
No specific patches or workarounds were mentioned at the time of reporting. Users are advised to monitor the official [[UPX]] GitHub repository for updates.

Tags
#UPX #BufferOverflow #HeapOverflow #SecurityVulnerability #CVE