Tuesday, October 27 • 16:15 - 17:05
Demystifying Open Source Crash Reporter: An In-depth Security Analysis - Seong-Joong Kim, National Security Research Institute

Software vendors provide crash reporters to automatically collect crash reports from users so that crashes in their products can be handled efficiently. A crash reporter should be secure and reliable because it handles sensitive information, such as a core dump that captures the CPU context and memory contents of the crashed program, and helps to address the issue behind the crash. Unfortunately, several security flaws have been reported in various crash reporters for Windows, Mac OS X, Linux, Mozilla, etc. In this talk, Seong-Joong Kim will address security problems that reside in a popular open source crash reporter project. After auditing the source code, he found several flaws in the project, caused by an unrestricted file upload vulnerability. Because it allows the upload of an arbitrary crash report, an attacker may overflow a buffer in heap memory, trigger an unhandled exception, or cause resource exhaustion, which may lead to dreadful consequences. He will demonstrate those attacks and share the steps for improving the security of the crash reporter.

Seong-Joong Kim

Security Researcher, National Security Research Institute
Seong-Joong Kim is a member of the research staff at the National Security Research Institute. Prior to that, he was a researcher at TmaxSoft R&D Center as alternative service fulfilling his mandatory military service duty. He also interned at Samsung Electronics as a Software Engineer...

Tuesday October 27, 2020 16:15 - 17:05 GMT
OS Dependability Theater