NVIDIA NvStreamKms PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow

The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a process creation notification routine. wcscpy_s is used incorrectly here, as the second argument is not the size of |Dst|, but rather the calculated size of the filename. |Dst| is a stack buffer that is at least 255 characters long. The maximum path component length on most Windows filesystems is <= 255 though, so this shouldn’t be an issue on normal filesystems. However, one can pass UNC paths to CreateProcessW containing forward slashes as the path delimiter, which means that the extracted filename here can be “a/b/c/…”, leading to a buffer overflow. Additionally, this function has no stack cookie.
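
The size-argument mistake described above, modelled next to the corrected call. This is an added example, not the driver's code: checked_wcscpy is a portable stand-in for wcscpy_s, and the 255-element buffer, the split on the last backslash, and the host/share names in the sample path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <wchar.h>

#define DST_CHARS 255  /* assumed size of the destination buffer */
#define BACKING 1024   /* oversized backing store so this demo never overruns */

/* Portable stand-in for wcscpy_s: ERANGE unless src and its NUL fit in dst_count. */
static int checked_wcscpy(wchar_t *dst, size_t dst_count, const wchar_t *src) {
    size_t n = wcslen(src);
    if (n >= dst_count) { dst[0] = L'\0'; return ERANGE; }
    wmemcpy(dst, src, n + 1);
    return 0;
}

/* Assumption: the file name is taken as everything after the last backslash. */
static const wchar_t *last_component(const wchar_t *path) {
    const wchar_t *p = wcsrchr(path, L'\\');
    return p ? p + 1 : path;
}

/* Buggy pattern: size derived from the source, so the check never fails. */
size_t copy_buggy(const wchar_t *path) {
    wchar_t dst[BACKING];
    const wchar_t *name = last_component(path);
    size_t claimed = wcslen(name) + 1;
    if (claimed > BACKING || checked_wcscpy(dst, claimed, name) != 0) return 0;
    return claimed > DST_CHARS ? claimed - DST_CHARS : 0; /* elements past the real buffer */
}

/* Corrected pattern: size is the element count of the destination itself. */
int copy_fixed(const wchar_t *path) {
    wchar_t dst[DST_CHARS];
    return checked_wcscpy(dst, sizeof dst / sizeof dst[0], last_component(path));
}

/* Constructed sample: \\host\share\ + 200 "a/" pairs + "x.exe". */
const wchar_t *sample_path(void) {
    static wchar_t buf[512];
    wcscpy(buf, L"\\\\host\\share\\");
    for (int i = 0; i < 200; i++) wcscat(buf, L"a/");
    return wcscat(buf, L"x.exe");
}

int main(void) {
    printf("buggy: %zu elements past the buffer\n", copy_buggy(sample_path()));
    printf("fixed: returns %d (ERANGE=%d)\n", copy_fixed(sample_path()), ERANGE);
    return 0;
}
```

With the destination's own element count as the size argument, the oversized name is rejected instead of copied.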

Mirai Botnet Itself is Flawed; Hacking Back IoTs Could Mitigate DDoS Attacks

The infamous botnet that was used in the recent massive distributed denial of service (DDoS) attacks against the popular DNS provider Dyn, causing a vast internet outage last Friday, is itself flawed.

Yes, Mirai malware, which has already enslaved millions of Internet of Things (IoT) devices across 164 countries, contains several vulnerabilities that might be used against it in order to