Questions tagged [race-condition]
15 questions
42
votes
8 answers
Exploiting the delay when a festival ticket is scanned
How a ticket system works
A ticket system - one you see at festivals - works like this: when a user pays for their ticket, a row is added to the database with a column named is_scanned, whose default value is set to false.
As soon as a guard at the…
O'Niel
- 2,740
- 3
- 17
- 28
16
votes
2 answers
How can I test my web application for timing attacks?
race conditions, etc.
Are there automatic tools for this? What manual techniques should I use?
From the Area51 proposal
AviD
- 72,138
- 22
- 136
- 218
10
votes
2 answers
Are memcpy() based race conditions exploitable for causing remote code execution?
Let’s say I have the following pseudocode in the trusted part of a sandbox which prevent untrusted code calling mprotect() and mmap() and ptrace() directly (mutext isn’t accessible from sandboxed memory)…
//src and dest are user controlled but must…
user2284570
- 1,402
- 1
- 14
- 33
9
votes
1 answer
Is symlink race a very common vulnerability in UNIX systems
As far as I know, when I am creating a new file or directory in a directory that can be written by multiple users (and thus an adversary can have made a symlink there), the only way to protect myself from symlink race is creating a file with enough…
v6ak
- 609
- 5
- 12
7
votes
1 answer
How to solve race condition in 2-factor authentication solutions like RSA Security tokens or Google Authenticator?
One of the reasons we opt to use 2-factor authentication is to minimize the impact of keyloggers. The theory is that even if an attacker is able to observe the user type in the token numbers, they wouldn't be able to use this information, since the…
mricon
- 6,238
- 22
- 27
2
votes
0 answers
What is the impact if there is Race Condition while submitting OTP?
I recently came across a web application where it was asking for an OTP after a successful login.
Let the endpoint be https://www.example.com/otpcode
The initial test for a brute-force of the OTP resulted in a 400 Bad request. I tested for a race…
Joel Deleep
- 189
- 9
2
votes
1 answer
Is Amazon's app store vulnerable to external storage race condition?
There's been a load of kerfuffle about how Fortnite on Android saves APKs to external storage and how they can be overwritten before they are installed. (The press is awkwardly calling this a man-in-the-disk attack.)
I've heard from a couple of…
Timmmm
- 121
- 4
1
vote
2 answers
Code Vulnerability in Shell script
I was given an assignment for my Computer Security class. We we were given a piece of code to analyze and determine the vulnerabilities that it might have.
#!/bin/sh
# shell script to create a copy of the shadow file to the /tmp directory
echo >…
Alan W
- 13
- 4
1
vote
0 answers
Access default to true vulnerability
I remember there is a TOCTOU-related vulnerability, where one should never default the access of a user to true and set to false if something goes wrong, but default it to false and set it to true only if everything goes right. However, I dont…
chubakueno
- 113
- 4
1
vote
1 answer
What is the race condition in the Heartbleed attack?
A race condition occurs when two or more threads access shared data and try to do so at the same time.
The Heartbleed attack is a vulnerability in OpenSSL, where a Client sends heartbeat requests to a Server. The heartbeat requests can be of…
user503842
- 257
- 4
- 10
1
vote
1 answer
Pentest software with a race condition
I have to pentest a program "xchgpass" that acts like passwd.
This "xchgpass" edits a file located at /etc/secretpass .
xchgpass has setuid bit set :
hacker@cours-info:~$ ls -l /usr/bin/xchgpass
-rwsr-xr-x 1 level7 hackers 9992 Jan 18 08:22…
McKay1717
- 31
- 5
1
vote
2 answers
Is it possible to plan for race conditions?
Is it possible to plan for race conditions, so that you can execute specific commands at a specific time?
For example, the following code is vulnerable to a race condition. Is it possible to modify the file / replace it with a symlink exactly when…
user104787
- 179
- 1
- 4
- 12
0
votes
1 answer
How can opening a non-existing file cause a security vulnerability?
I was reading on race conditions when I encountered the paragraph below:
How exactly does trying to read a non-existing file cause a security vulnerability?
0
votes
1 answer
Understanding the Meltdown vulnerability
I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability.
I want to clarify something. I'm following this explanation…
Segmentation fault
- 101
- 3
0
votes
2 answers
Update fresh installation of Linux OS
It seems to me that there's some sort of "race condition" when you install a new Linux OS (this applies to every OS, but I'll restrict this question to Linux only). When you download the OS for a fresh installation, the image is usually out-of-date.…
reed
- 15,398
- 6
- 43
- 64