Javier Muñoz

Betanzos (Spain)

Working at Igalia since 2006

Latest Updates

Javier Muñoz 28/06/2017

AWS4 browser-based upload goes upstream in Ceph

Some days ago Matt committed the great Radek's effort to have a more coherent and structured scaffolding in the Ceph RGW auth subsystem supporting the differences among the available auth algorithms. As part of this effort and patchset related to the RGW...

Javier Muñoz 16/06/2017

CVE-2017-7269 - Binary patch diffing

This Tuesday, Microsoft released additional updates for older platforms to protect against potential nation-state activity. Among the updates, the official patch fixing the CVE-2017-7269 vulnerability is available. This official patch is a good way to...

Javier Muñoz 17/04/2017

CVE-2017-7269 - IIS 6.0 WebDAV remote code execution

This blog post contains my technical notes on the Microsoft Internet Information Services (IIS) 6.0 WebDAV 'ScStoragePathFromUrl' buffer overflow vulnerability (CVE-2017-7269). While the root cause of this bug is a simple stack overflow, the public proof...

Javier Muñoz 16/12/2016

Ceph RGW AWS4 presigned URLs working with the Minio Cloud client

Some fellows are using the Minio Client (mc) as their primary client-side tool to work with S3 cloud storage and filesystems. As you may know, mc works with the AWS v4 signature API and it provides a modern alternative under the Apache 2.0 License to UNIX...

Javier Muñoz 12/10/2016

Multipart Upload (Copy part) goes upstream in Ceph

The last Upload Part (Copy) patches went upstream in Ceph some days ago. This new feature is available in the master branch now, and it will ship with the first development checkpoint for Kraken. In S3, this feature is used to copy/move data using an...