Questions tagged [race-condition]
The race-condition tag has no summary.
16 questions
1
vote
0
answers
197
views
Race condition in Python [closed]
I am trying to teach my students about race conditions on the web, and for that purpose, I am using a simple bank example, in which we transfer an amount from person A to Person B's account. If we use ...
- 343
0
votes
1
answer
168
views
How can opening a non-existing file cause a security vulnerability?
I was reading on race conditions when I encountered the paragraph below:
How exactly does trying to read a non-existing file cause a security vulnerability?
0
votes
1
answer
385
views
Understanding the Meltdown vulnerability
I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability.
I want to clarify something. I'm following this explanation https://resources.infosecinstitute....
2
votes
0
answers
554
views
What is the impact if there is Race Condition while submitting OTP?
I recently came across a web application where it was asking for an OTP after a successful login.
Let the endpoint be https://www.example.com/otpcode
The initial test for a brute-force of the OTP ...
- 189
0
votes
2
answers
212
views
Update fresh installation of Linux OS
It seems to me that there's some sort of "race condition" when you install a new Linux OS (this applies to every OS, but I'll restrict this question to Linux only). When you download the OS for a ...
- 16k
1
vote
0
answers
121
views
Access default to true vulnerability
I remember there is a TOCTOU-related vulnerability, where one should never default the access of a user to true and set to false if something goes wrong, but default it to false and set it to true ...
- 113
42
votes
8
answers
21k
views
Exploiting the delay when a festival ticket is scanned
How a ticket system works
A ticket system - one you see at festivals - works like this: when a user pays for their ticket, a row is added to the database with a column named is_scanned, whose default ...
- 3,540
1
vote
1
answer
519
views
What is the race condition in the Heartbleed attack?
A race condition occurs when two or more threads access shared data and try to do so at the same time.
The Heartbleed attack is a vulnerability in OpenSSL, where a Client sends heartbeat requests to ...
- 317
2
votes
1
answer
176
views
Is Amazon's app store vulnerable to external storage race condition?
There's been a load of kerfuffle about how Fortnite on Android saves APKs to external storage and how they can be overwritten before they are installed. (The press is awkwardly calling this a man-in-...
- 121
10
votes
2
answers
1k
views
Are memcpy() based race conditions exploitable for causing remote code execution?
Let’s say I have the following pseudocode in the trusted part of a sandbox which prevent untrusted code calling mprotect() and mmap() and ptrace() directly (mutext isn’t accessible from sandboxed ...
- 1,512
1
vote
1
answer
410
views
Pentest software with a race condition
I have to pentest a program "xchgpass" that acts like passwd.
This "xchgpass" edits a file located at /etc/secretpass .
xchgpass has setuid bit set :
hacker@cours-info:~$ ls -l /usr/bin/xchgpass
-...
- 31
1
vote
2
answers
770
views
Is it possible to plan for race conditions?
Is it possible to plan for race conditions, so that you can execute specific commands at a specific time?
For example, the following code is vulnerable to a race condition. Is it possible to modify ...
- 189
2
votes
2
answers
3k
views
Code Vulnerability in Shell script
I was given an assignment for my Computer Security class. We we were given a piece of code to analyze and determine the vulnerabilities that it might have.
#!/bin/sh
# shell script to create a copy ...
- 23
9
votes
1
answer
3k
views
Is symlink race a very common vulnerability in UNIX systems
As far as I know, when I am creating a new file or directory in a directory that can be written by multiple users (and thus an adversary can have made a symlink there), the only way to protect myself ...
- 639
7
votes
1
answer
852
views
How to solve race condition in 2-factor authentication solutions like RSA Security tokens or Google Authenticator?
One of the reasons we opt to use 2-factor authentication is to minimize the impact of keyloggers. The theory is that even if an attacker is able to observe the user type in the token numbers, they ...
- 6,608