Qualys Wins Two Pwnie Awards – Best Privilege Escalation Bug and Most Under-Hyped Research

FOSTER CITY, Calif., Aug. 5, 2021 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced that its renowned research team won two Pwnie Awards at Black Hat USA 2021: Best Privilege Escalation Bug for CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit), and Most Under-Hyped Research for 21Nails. These awards honor the team for its cutting-edge research, discovery and responsible disclosure of new and critical vulnerabilities in popular software applications.

In a world where bad actors are becoming increasingly sophisticated and, almost weekly, discover and exploit vulnerabilities in widely used programs, research teams serve an incredibly vital role in protecting IT infrastructure and critical data. Qualys is committed to enabling its research team to conduct state-of-the-art research and identify vulnerabilities in popular applications before attackers find and maliciously exploit them.

The critical disclosures behind the award wins:

  • Best Privilege Escalation Bug: Heap-based buffer overflow in Sudo (Baron Samedit) is a heap-based buffer overflow vulnerability discovered in Sudo, a ubiquitous Unix program, exploitable by any local user, without authentication.
  • Most Under-Hyped Research: 21Nails were multiple critical vulnerabilities discovered in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

The discovery of these vulnerabilities results from extremely thorough source code audits of each of these applications over a period of several months.
