newcastlecy / hustoj

Automatically exported from code.google.com/p/hustoj
0 stars 0 forks source link

Security Holes Discovered in judge_client of HUSTOJ #60

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The OpenJudge Alliance (http://openjudge.net) have recently conducted a 
security assessment of HUSTOJ. We are sorry to report that a series of design 
pitfalls and defects have been discovered in the judge_client core component of 
HUSTOJ, which can lead to severe security risks including 1) executing 
arbitrary binary code on the judge server, 2) leak of system information, 3) 
leak of test data, etc. 

The full text of the report is available online at 
http://openjudge.net/Report/201112A

Original issue reported on code.google.com by PineAppl...@gmail.com on 8 Dec 2011 at 9:15

GoogleCodeExporter commented 9 years ago
Sorry for my mistakes

Thanks to PineApple.Liu for all the works and efforts.
Thanks God to let a responsible hack get this first rather than any crackers.

I'll try to learn new things to fix this and mean while wish to get help from 
any volunteer. 

Contact me with newsclan@gmail.com or QQ:10982766.

Thanks Liu again, and keep in touching.

Original comment by newsc...@gmail.com on 9 Dec 2011 at 2:59

GoogleCodeExporter commented 9 years ago
Just validated that C++ is also affected by this issue. See the updated 
technical report version 1.2 at http://openjudge.net/Report/201112A

Original comment by PineAppl...@gmail.com on 12 Dec 2011 at 8:58

GoogleCodeExporter commented 9 years ago
Hi,

Is there any plan to overcome this issues?

Original comment by amir.sab...@gmail.com on 12 Jun 2012 at 7:04

GoogleCodeExporter commented 9 years ago
http://code.google.com/p/hustoj/wiki/SecurityPatch

Original comment by newsc...@gmail.com on 13 Jul 2012 at 2:07