Threat: RedLine.MainPanel – cracked.exe
Vulnerability: Insecure Permissions
Description: The malware writes PE files with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
Here is the exploit information for CVE-2021-45040.
Below is summary of timeline for reference:
1. Contact developer (security contact: Freek) regarding the vulnerability at Mon 12/13/2021 11:42 AM (GMT+8)
2. Contact CERT.org at Mon 12/13/2021 10:36 PM
3. Submit CVE Request to Mitre at Mon 12/13/2021 11:30 PM
4. No response from vendor until now.
5. Possible solution had been documented by our research team:…
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL
could be tricked into an infinite loop. This could result in denial of
service via malformed certificates.
