Exploring the New World : Remote Exploitation of SQLite and Curl

Exploring the New World : Remote Exploitation of SQLite and Curl

Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software. We exploited these vulnerabilities to break into some of the most popular Internet of things devices (including Google Home with Chrome), one of the most widely used Web server (Apache+PHP) and one of the most commonly used developer tool (Git).

In this presentation, we will share new methods to discover vulnerabilities in SQLite and Curl through Fuzz and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite ( CVE-2018-20346, CVE-2018-20505 CVE-2018-20506 ) We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl ( CVE-2018-16890 and CVE-2019-3822 ). Considering the fact that these vulnerabilities affect many systems and software, we have issued a vulnerability alert to notify the vulnerable vendor to fix it.

We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will analyze how to use Magellan to complete the first public remote exploit of Google Home. In the second part, we will talk about how to use Dias to complete the remote attack on Apache+PHP and Git. Finally, we will summarize our research and provide some security development advice to the basic software library developers.

Presented by