Forwarded from 🐱MiaoTony's Box | 困困困 zzz (MiaoTony 🐱)
#今天又看了啥 #security #Windows #CVE #RCE #IPv6
CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
CVSS:3.1 9.8 / 8.5
Max Severity: Critical
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
What? An integer overflow bug, and an unauthenticated attacker gets straight to RCE just by repeatedly sending crafted IPv6 packets?
And it affects every supported Windows version, including the upcoming Windows 11 version 24H2.
Mitigation: Systems are not affected if IPv6 is disabled on the target machine.
Drop off the IPv6 network and stay safe.
Microsoft released the corresponding security update on August 13.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Forwarded from 摸鱼集市 (魔法小猫)
Source: Who opened this huge hole in the Linux kernel?
https://mp.weixin.qq.com/s/Sr4qIy-AdLhpkus6q1su9w
Discussion thread: Thread by @evilsocket on Thread Reader App https://threadreaderapp.com/thread/1838169889330135132.html
@evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at…
Forwarded from 层叠 - The Cascading
#PSA: Upgrade immediately - Firefox remote code execution vulnerability.
Please upgrade to Firefox 131.0.2, Firefox ESR 128.3.1 or Firefox ESR 115.16.1.
mozilla.org/~
CVE: CVE-2024-9680
CVSS: (Critical)
#Firefox
Mozilla
Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1
Forwarded from AIGC
OpenWrt has announced a major change: starting in November 2024, the main development branch and future stable releases (including the upcoming 24.10 series) will use the new package manager apk in place of opkg. This marks an important milestone for the OpenWrt platform; opkg is deprecated and no longer shipped with OpenWrt. Because this is a fundamental change in how packages are installed and managed, the community is actively discussing the new system's options and syntax in the [forum](https://forum.openwrt.org/t/the-future-is-now-opkg-vs-apk/201164). Note that this change does not affect the 23.05 release, and as of November 15, 2024 the 24.10 branch still uses opkg.
https://forum.openwrt.org/t/major-change-notice-new-package-manager/215682
#OpenWrt #PackageManager #TechnologyUpdate
#AIGC
OpenWrt Forum
The future is now: opkg vs apk
apk has replaced opkg in main branch SNAPSHOT builds The apk switchover is complete. It is the package manager not only in main snapshot, but on the 25.12 release branch. opkg will soon be relegated to history. @ynezz has graciously copied out the…
Forwarded from 知乎大巴扎
Why do military and history books so rarely include maps, especially detailed military maps? What is the reason?
There used to be no such restriction; in fact, explaining things with pictures was encouraged. In the 1980s and 90s, before today's typesetting and printing technology, books with maps were everywhere, and back then the maps even had to be drawn by hand. Take the 《聊城地区水利志》 compiled in 1993: it contains dozens of maps, large and small, almost all of them hand-drawn. This combination of text and pictures matters a great deal in compiling gazetteers, especially local histories, which deal with highly specialised subjects such as water conservancy, transport and administration that inherently call for many maps; leave them out and the reader is lost. Yet today's gazetteers avoid this entirely: they omit maps wherever they can, and where one really cannot be avoided they insert an official map, which often has little to do with what…
linker: IsEligibleFor16KiBAppCompat
The RO and RX segments are squeezed together so that native libraries built with 4K page size can be loaded on a 16K-page system.
https://cs.android.com/android/platform/superproject/main/+/main:bionic/linker/linker_phdr_16kib_compat.cpp
CVE-2024-11477
Fixed in 7-Zip 24.07
7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD Published Date: 2024-11-22
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
https://nvd.nist.gov/vuln/detail/CVE-2024-11477
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
On the Android SDK AVD API 23 x86_64 system image, the ANDROID_DLEXT_USE_LIBRARY_FD option of android_dlopen_ext does not work properly
While recently testing the low-API-level compatibility of a purely in-memory, fileless elf/so loading scheme on Android, I found that ANDROID_DLEXT_USE_LIBRARY_FD does not work on AVD API 23 (system-images/android-23/google_apis/x86_64): trying android_dlopen_ext on an fd produces the following error
dlopen failed: cannot find "libc.so" from verneed[1] in DT_NEEDED list for "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)"
This is clearly an ordinary fd obtained via open+unlink. (Note: I started with ashmem; after hitting this problem I switched to open+unlink to cross-check and narrow down the cause.)
Searching cs.android.com for "from verneed" shows that the message comes from the linker's VersionTracker::init_verneed function.
To investigate, I set the linker's __dl_g_ld_debug_verbosity symbol to 3 and got the following output.
I [ 'libmmkv.so' find_loaded_library_by_soname returned false (*candidate=n/a@0x0). Trying harder...]
I name /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted): allocated soinfo @ 0x7f6265742d98
W [ linking /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted) ]
D DEBUG: si->base = 0x7f62678f1000 si->flags = 0x40000000
...
D DEBUG: si->base = 0x7f62678f1000, si->strtab = 0x7f62678f7bd4, si->symtab = 0x7f62678f1330
I [ 'liblog.so' find_loaded_library_by_soname returned false (*candidate=/system/lib64/liblog.so@0x7f6271aa85d8). Trying harder...]
I library "liblog.so" is already loaded under different name/path "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)" - will return existing soinfo
I [ 'libz.so' find_loaded_library_by_soname returned false (*candidate=/system/lib64/libz.so@0x7f6271a9f008). Trying harder...]
I library "libz.so" is already loaded under different name/path "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)" - will return existing soinfo
I [ 'libm.so' find_loaded_library_by_soname returned false (*candidate=/system/lib64/libm.so@0x7f6271aa21f8). Trying harder...]
I library "libm.so" is already loaded under different name/path "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)" - will return existing soinfo
I [ 'libc.so' find_loaded_library_by_soname returned false (*candidate=/system/lib64/libc.so@0x7f6271aa2008). Trying harder...]
I library "libc.so" is already loaded under different name/path "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)" - will return existing soinfo
D DEBUG: cannot find "libc.so" from verneed[1] in DT_NEEDED list for "/data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)"
I /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98 needs to unload /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98
I /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98 needs to unload /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98
I /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98 needs to unload /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98
I /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98 needs to unload libdl.so@0x7f6271b0b6b0
I /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98 needs to unload /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted)@0x7f6265742d98
I name /data/data/com.example.test.app.syscalldemo/cache/tmpfs-629392441675200/libmmkv.so (deleted): freeing soinfo @ 0x7f6265742d98
I not unloading 'libdl.so' - the binary is flagged with NODELETE
Note the line "library "libc.so" is already loaded under different name/path", which comes from the linker's static soinfo* load_library(int fd, off64_t file_offset, LoadTaskList& load_tasks, const char* name, int rtld_flags, const android_dlextinfo* extinfo) function: the linker's load_library evidently believes that the libc.so I need is the same object as the libmmkv.so being loaded. From the call-tree structure it is easy to see that the linker is loading the DT_NEEDED libc.so while extinfo.fd still points at libmmkv.so, so load_library simply returns libmmkv.so's soinfo.
Note that load_library takes an android_dlextinfo* extinfo argument, which arrives via find_libraries->find_library_internal. Comparing the android-6.0.0_r26 and android-6.0.0_r41 tags shows that in android-6.0.0_r26 the code in find_libraries that loads DT_NEEDED libraries was as follows
```cpp
// Step 1: load and pre-link all DT_NEEDED libraries in breadth first order.
for (LoadTask::unique_ptr task(load_tasks.pop_front());
     task.get() != nullptr; task.reset(load_tasks.pop_front())) {
  soinfo* si = find_library_internal(load_tasks, task->get_name(), rtld_flags, extinfo);
  if (si == nullptr) {
    return false;
  }
  soinfo* needed_by = task->get_needed_by();
  if (needed_by != nullptr) {
    needed_by->add_child(si);
  }
```
whereas android-6.0.0_r41 changed it to the following
```cpp
// Step 1: load and pre-link all DT_NEEDED libraries in breadth first order.
for (LoadTask::unique_ptr task(load_tasks.pop_front());
     task.get() != nullptr; task.reset(load_tasks.pop_front())) {
  soinfo* needed_by = task->get_needed_by();
  soinfo* si = find_library_internal(load_tasks, task->get_name(),
                                     rtld_flags, needed_by == nullptr ? extinfo : nullptr);
  if (si == nullptr) {
    return false;
  }
  if (needed_by != nullptr) {
    needed_by->add_child(si);
  }
```
Clearly the ANDROID_DLEXT_USE_LIBRARY_FD carried in extinfo must not be applied to the library's DT_NEEDED dependencies; android-6.0.0_r1 through android-6.0.0_r26 wrongly passed the extinfo containing ANDROID_DLEXT_USE_LIBRARY_FD into the find_library_internal call used to load dependencies, so those dependencies could not be loaded or linked correctly.
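As an added illustration that is not bionic's own code (the real linker is only excerpted above), here is a reduced C++ model of the find_libraries/load_library interplay just described, in which an fd stands in for the linker's dev/inode identity check: resolved_deps(false) reproduces the r26 behaviour, where libmmkv.so's DT_NEEDED entries resolve to libmmkv.so itself, and resolved_deps(true) the r41 fix. The file table, fd numbers and the Linker/resolved_deps names are constructed for this example.

```cpp
#include <deque>
#include <map>
#include <memory>
#include <string>
#include <vector>
// Constructed model, not bionic code: an fd stands in for the linker's st_dev/st_ino identity check.
constexpr unsigned ANDROID_DLEXT_USE_LIBRARY_FD = 0x10;   // same bit value as bionic's flag
struct android_dlextinfo { unsigned flags = 0; int library_fd = -1; };
struct soinfo   { std::string soname; int fd; std::vector<soinfo*> children; };
struct LoadTask { std::string name; soinfo* needed_by; };
struct ElfFile  { std::string soname; std::vector<std::string> dt_needed; };
// Constructed "file system": fd 42 is the open+unlink'd in-memory library, 1 and 2 are system libs.
static const std::map<int, ElfFile> kFiles = {
  {1, {"libc.so", {}}}, {2, {"libm.so", {"libc.so"}}}, {42, {"libmmkv.so", {"libc.so", "libm.so"}}}};
static const std::map<std::string, int> kOpenByName = {{"libc.so", 1}, {"libm.so", 2}};

struct Linker {
  std::vector<std::unique_ptr<soinfo>> solist;
  soinfo* load_library(const std::string& name, std::deque<LoadTask>& tasks,
                       const android_dlextinfo* extinfo) {
    // With ANDROID_DLEXT_USE_LIBRARY_FD the linker ignores `name` and maps extinfo->library_fd.
    int fd = (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD))
                 ? extinfo->library_fd : kOpenByName.at(name);
    for (auto& si : solist)   // "already loaded under different name/path - will return existing soinfo"
      if (si->fd == fd) return si.get();
    const ElfFile& f = kFiles.at(fd);
    solist.push_back(std::make_unique<soinfo>(soinfo{f.soname, fd, {}}));
    for (const auto& dep : f.dt_needed) tasks.push_back({dep, solist.back().get()});  // queue DT_NEEDED
    return solist.back().get();
  }
  // Step 1 of find_libraries (breadth-first). `fixed` selects the android-6.0.0_r41 behaviour:
  // extinfo goes only to the root task (needed_by == nullptr), never to its dependencies.
  soinfo* find_libraries(int library_fd, bool fixed) {
    android_dlextinfo extinfo{ANDROID_DLEXT_USE_LIBRARY_FD, library_fd};
    std::deque<LoadTask> tasks{{"libmmkv.so", nullptr}};
    while (!tasks.empty()) {
      LoadTask task = tasks.front(); tasks.pop_front();
      const android_dlextinfo* ei = (fixed && task.needed_by != nullptr) ? nullptr : &extinfo;
      soinfo* si = load_library(task.name, tasks, ei);
      if (task.needed_by != nullptr) task.needed_by->children.push_back(si);
    }
    return solist.front().get();   // the root library is always the first soinfo allocated
  }
};

// Sonames that libmmkv.so's DT_NEEDED entries actually resolved to (r26 bug vs r41 fix).
std::vector<std::string> resolved_deps(bool fixed) {
  Linker linker; std::vector<std::string> out;
  for (soinfo* c : linker.find_libraries(42, fixed)->children) out.push_back(c->soname);
  return out;
}
```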
盐酸乙酰胆碱
Wrote something odd: calling arbitrary Linux syscalls from pure Java, Android only. https://github.com/cinit/LibcoreSyscall
LibcoreSyscall now supports loading ELF shared objects purely in memory (nothing written to disk) on Android 5.0-15 x86/x64/arm/arm64.
The project itself is still a single dex compiled from pure Java (no .so, no assets).
For an example of fileless .so loading, see the project README.
CVE-2024-54143
An attacker can compromise the build artifact delivered from the sysupgrade.openwrt.org, allowing the malicious firmware image to be installed to the OpenWrt installation that uses the attended firmware upgrade, firmware-selector.openwrt.org, or CLI upgrade.
https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q
GitHub advisory: Build artifact poisoning via truncated SHA-256 hash and command injection
Summary: Due to the combination of the command injection in the `openwrt/imagebuilder` image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legi...
Some technical details of Arm64EC
Note: Arm64EC is the scheme Windows 11 on ARM64 uses to run x86_64 applications.
http://www.emulators.com/docs/abc_arm64ec_explained.htm