360 Security found a critical bug in EOS, welcome 360!

in #eos, 6 years ago (edited)

The 360 Vulcan team discovered a series of critical vulnerabilities in EOS, which is about to launch its mainnet on 2nd June. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on an EOS node, which lets attackers remotely take over all nodes running on EOS.
360 Security has reported the vulnerability to the EOS team and helped them fix the bug. According to EOS, the mainnet will not be launched until these issues are resolved.

Technical Detail of the Vulnerability
http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/

guhe120 replied 9 hours ago
Hi, there is still some problem with this patch. In a 32-bit process, offset + segment.data.size() could overflow and bypass the FC_ASSERT check.
https://github.com/EOSIO/eos/commit/ea89dce21d13d41a22b3512a27be97b4be9df755#diff-671058723b1361470a92aa367e1a24e6
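
The wrap-around that guhe120's reply describes, as an added example that is not part of the original post, the reply, or the EOS code base. `std::uint32_t` stands in for a 32-bit `size_t`; the function names, the `limit` parameter and the sample values are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Assumption: models size_t as it behaves in a 32-bit process.
using size32_t = std::uint32_t;

// Check written as "offset + length <= limit". The sum is computed modulo 2^32,
// so a very large offset plus a small length wraps to a small value and passes.
bool naive_in_bounds(size32_t offset, size32_t length, size32_t limit) {
    return static_cast<size32_t>(offset + length) <= limit;
}

// Overflow-safe form: the sum is never computed. First confirm the length fits
// at all, then compare the offset against the room that remains.
bool safe_in_bounds(size32_t offset, size32_t length, size32_t limit) {
    return length <= limit && offset <= limit - length;
}

int main() {
    // Constructed sample values: {offset, length, limit}.
    const size32_t cases[][3] = {
        {0x00000010u, 0x20u, 0x100u},  // ordinary in-range write
        {0x000000E0u, 0x20u, 0x100u},  // exact fit at the end of the buffer
        {0x000000E1u, 0x20u, 0x100u},  // one element past the end
        {0xFFFFFFF0u, 0x20u, 0x100u},  // sum wraps to 0x10 in 32 bits
    };
    for (const auto& c : cases) {
        std::printf("offset=0x%08X length=0x%X limit=0x%X naive=%d safe=%d\n",
                    (unsigned)c[0], (unsigned)c[1], (unsigned)c[2],
                    (int)naive_in_bounds(c[0], c[1], c[2]),
                    (int)safe_in_bounds(c[0], c[1], c[2]));
    }
    return 0;
}
```

Only the last case separates the two checks: the naive form accepts it because the sum has wrapped, while the subtraction-based form rejects it.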
