Comments (5)
SebastianDeiss
commented on June 14, 2024
Should be fixed with de344eb.
from peekabooav.
Jack28
commented on June 14, 2024
Please be aware that this issue now/still affects the oneanalysis rule inside the toolbox.
The only difference is that the files have to be sent within a short time span.
from peekabooav.
Jack28
commented on June 14, 2024
I have to correct myself on this.
In a scenario where an attacker first sends the file as .txt shortly after as e.g. .pdf.
First Sample will run as expected. The second Sample within Oneanalysis will stop because it checks for identical (sha256sum) in pjobs (doesn't check file extension here).
FirstSample then queues SecondSample after reporting which isn't know yet (sha256sum + file extension).
So this is only a bug that delayes analysis not a security issue
from peekabooav.
Jack28
commented on June 14, 2024
I believe this is not an issue anymore.
@SebastianDeiss, please double check and close
thx
from peekabooav.
SebastianDeiss
commented on June 14, 2024
LGTM in 1.5.1, so I'm closing this issue.
from peekabooav.
Related Issues (20)
- Server hits recv limit HOT 1
- Operational error 'Deadlock found' from SQLAlchemy with mysql when trying in-flight lock under load HOT 4
- Check file extension extraction for consistency / usefulness in conjunction with cuckoo being sensitive to spaces in filenames HOT 1
- Extract IOC out of Cuckoo report
- Another peepdf traceback in cuckoo HOT 1
- Consider raising minimum version of dependency on python magic to 0.4.17
- Reconsider database transaction locking
- Reconsider aggressive database connection pool recycling
- Validation error with dummy filereport and expression referencing type_as_text
- Add retries for additional database connectivity scenarios
- Handle URI-parameters-like notation in declared filenames
- Security vulnerability: Regex matching in ruleset HOT 3
- python3.10 incompatibility of colorclass affecting us via oletools HOT 4
- expressions cannot express empty set
- Support TLS on REST API
- PID file can contain our own pid and confuse us
- pyparsing 3 compatibility HOT 3
- urllib3.util.retry.Retry DeprecationWarning for 'method_whitelist'
- Early shutdown not working due to switch to asyncio signal handler HOT 1
- Dynamically learn available Cortex analysers and their versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from peekabooav.