Questions tagged [race-condition]

15 questions
42 votes, 8 answers

Exploiting the delay when a festival ticket is scanned

How a ticket system works A ticket system - one you see at festivals - works like this: when a user pays for their ticket, a row is added to the database with a column named is_scanned, whose default value is set to false. As soon as a guard at the…
O'Niel
16 votes, 2 answers

How can I test my web application for timing attacks?

race conditions, etc. Are there automatic tools for this? What manual techniques should I use? From the Area51 proposal
10 votes, 2 answers

Are memcpy() based race conditions exploitable for causing remote code execution?

Let’s say I have the following pseudocode in the trusted part of a sandbox which prevents untrusted code calling mprotect() and mmap() and ptrace() directly (mutext isn’t accessible from sandboxed memory)… //src and dest are user controlled but must…
user2284570
9 votes, 1 answer

Is symlink race a very common vulnerability in UNIX systems?

As far as I know, when I am creating a new file or directory in a directory that can be written by multiple users (and thus an adversary can have made a symlink there), the only way to protect myself from symlink race is creating a file with enough…
v6ak
7 votes, 1 answer

How to solve race condition in 2-factor authentication solutions like RSA Security tokens or Google Authenticator?

One of the reasons we opt to use 2-factor authentication is to minimize the impact of keyloggers. The theory is that even if an attacker is able to observe the user type in the token numbers, they wouldn't be able to use this information, since the…
mricon
2 votes, 0 answers

What is the impact if there is Race Condition while submitting OTP?

I recently came across a web application where it was asking for an OTP after a successful login. Let the endpoint be https://www.example.com/otpcode The initial test for a brute-force of the OTP resulted in a 400 Bad request. I tested for a race…
Joel Deleep
2 votes, 1 answer

Is Amazon's app store vulnerable to external storage race condition?

There's been a load of kerfuffle about how Fortnite on Android saves APKs to external storage and how they can be overwritten before they are installed. (The press is awkwardly calling this a man-in-the-disk attack.) I've heard from a couple of…
Timmmm
1 vote, 2 answers

Code Vulnerability in Shell script

I was given an assignment for my Computer Security class. We were given a piece of code to analyze and determine the vulnerabilities that it might have. #!/bin/sh # shell script to create a copy of the shadow file to the /tmp directory echo >…
Alan W
1 vote, 0 answers

Access default to true vulnerability

I remember there is a TOCTOU-related vulnerability, where one should never default the access of a user to true and set to false if something goes wrong, but default it to false and set it to true only if everything goes right. However, I don't…
chubakueno
1 vote, 1 answer

What is the race condition in the Heartbleed attack?

A race condition occurs when two or more threads access shared data and try to do so at the same time. The Heartbleed attack is a vulnerability in OpenSSL, where a Client sends heartbeat requests to a Server. The heartbeat requests can be of…
user503842
1 vote, 1 answer

Pentest software with a race condition

I have to pentest a program "xchgpass" that acts like passwd. This "xchgpass" edits a file located at /etc/secretpass . xchgpass has setuid bit set : hacker@cours-info:~$ ls -l /usr/bin/xchgpass -rwsr-xr-x 1 level7 hackers 9992 Jan 18 08:22…
1 vote, 2 answers

Is it possible to plan for race conditions?

Is it possible to plan for race conditions, so that you can execute specific commands at a specific time? For example, the following code is vulnerable to a race condition. Is it possible to modify the file / replace it with a symlink exactly when…
0 votes, 1 answer

How can opening a non-existing file cause a security vulnerability?

I was reading on race conditions when I encountered the paragraph below: How exactly does trying to read a non-existing file cause a security vulnerability?
0 votes, 1 answer

Understanding the Meltdown vulnerability

I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability. I want to clarify something. I'm following this explanation…
0 votes, 2 answers

Update fresh installation of Linux OS

It seems to me that there's some sort of "race condition" when you install a new Linux OS (this applies to every OS, but I'll restrict this question to Linux only). When you download the OS for a fresh installation, the image is usually out-of-date.…
reed