Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

Posted by Stefan Kanthak on Jan 15

“Michel Arboi” <michel.arboi () gmail com> wrote:

See <http://seclists.org/oss-sec/2016/q1/58> alias CVE-2016-1281

And see <http://seclists.org/fulldisclosure/2015/Nov/101> again:

| almost all executable installers (and self-extractors as well
| as “portable” applications too) for Windows have a well-known
| (trivial, trivial to detect and trivial to exploit) vulnerability:

and has a vulnerable installer,…

[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, …

Posted by Stefan Kanthak on Jan 15

Hi @ll,

IExpress (<https://msdn.microsoft.com/en-us/library/dd346760.aspx>)
creates executable installers [°] or self-extracting archives for
Windows by embedding a .CAB archive and some strings as resources
into a copy of the program %SystemRoot%\System32\WExtract.exe.

These self-extracting archives/executable installers, especially
those made by Microsoft [‘] (available in the Microsoft download
center or distributed per Windows…

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution

Posted by Stefan Kanthak on Jan 15

Hi @ll,

the executable installers python-3.5.1-webinstall.exe and
python-3.5.1.exe available on
<https://www.python.org/downloads/windows/> load and execute
multiple DLLs from their “application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>

Defense in depth — the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?

Posted by Stefan Kanthak on Jan 15

Hi @ll,

in 2009/2010, after being hit by “carpet bombing” and “binary
planting” alias “DLL hijacking/spoofing/preloading” (see
<https://blogs.technet.com/b/srd/archive/2009/04/14/ms09-014-addressing-the-safari-carpet-bomb-vulnerability.aspx>
and <https://technet.microsoft.com/en-us/library/2269637.aspx>)
Microsoft finally started to provide security guidance/advisories
for “safe library…

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

Posted by Michel Arboi on Jan 15

The project has been abruptly killed by the developers without any
clear explanation. There’s something fishy and it cannot be trusted
anymore.
Spend your time and energy on forks like CipherShed or VeraCrypt!

AFAIK, TrueCrypt 7.2 is only capable of decryption. It is provided so
that users can migrate their data to another system.

Qualys Security Advisory – Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

Posted by Qualys Security Advisory on Jan 15

Qualys Security Advisory

Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

========================================================================
Contents
========================================================================

Summary
Information Leak (CVE-2016-0777)
– Analysis
– Private Key Disclosure
– Mitigating Factors
– Examples
Buffer Overflow (CVE-2016-0778)
– Analysis
– Mitigating Factors
– File Descriptor Leak…

FreeBSD bsnmpd information disclosure

Posted by Pierre Kim on Jan 15

## Advisory Information

Title: FreeBSD bsnmpd information disclosure
Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-5677-freebsd-bsnmpd.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html
Date published: 2016-01-15
Vendors contacted: FreeBSD
Release mode: Released
CVE: CVE-2015-5677

## Product Description

The bsnmpd daemon serves the Internet SNMP (Simple Network Management
Protocol). It…

Whatever happened with CVE-2015-0072?

Posted by Patrick Toomey on Jan 15

It seems that this issue was originally disclosed here:
http://seclists.org/fulldisclosure/2015/Feb/0. Eventually a CVE was
assigned: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072 and
then MSFT released a patch:
https://technet.microsoft.com/en-us/library/security/ms15-018.aspx. But,
according to https://blog.innerht.ml/ie-uxss/ (and local testing) it
remains unpatched for Windows 8.1 on IE 11. Does anyone have any insight into…

CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers

Posted by Scott Arciszewski on Jan 15

Hi Full Disclosure Readers,

Let’s jump right into the vulnerability:

In May of last year, I reported to CryptoGuard that their cryptography
wasn’t guarding against chosen-ciphertext attacks, which is the sort of
oversight that would allow me to intercept a ciphertext message then keep
feeding it back into the decryption process with slight alterations until I
recovered the plaintext.

https://github.com/CoreProc/crypto-guard/issues/1
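The chosen-ciphertext problem the post describes, as an added example that is not code from CoreProc/crypto-guard or from the post: with CBC and no integrity check, an attacker who intercepts a ciphertext can flip bytes in it so that it decrypts to a plaintext of their choosing, without the key; with encrypt-then-MAC the altered ciphertext is rejected before the decryptor ever runs. The 4-round Feistel block cipher built on SHA-256, the fixed keys and the sample message are constructed assumptions so the script runs with the standard library alone; the cipher stands in for AES and is not secure.

```python
"""Added example (not crypto-guard's code): CBC malleability vs encrypt-then-MAC."""
import hashlib
import hmac
import os

BLOCK = 16      # block size in bytes
ROUNDS = 4
TAG_LEN = 32    # HMAC-SHA256 output length


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the toy cipher (assumption standing in for AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):      # undo the rounds in reverse
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data):                               # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return out


# --- Scheme 1: CBC with no integrity check (the oversight in the post) ----
def encrypt_unauth(key, plaintext):
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, pad(plaintext))


def decrypt_unauth(key, blob):
    return unpad(cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:]))


def tamper(blob, offset, old, new):
    """CBC bit-flip. Plaintext byte p is XORed with byte p of iv||ciphertext
    (the IV for block 0, the previous ciphertext block otherwise), so XORing
    old^new into that byte rewrites the plaintext with no key. For p >= 16
    the block before the target decrypts to garbage; for block 0 nothing does."""
    out = bytearray(blob)
    for j, (o, n) in enumerate(zip(old, new)):
        out[offset + j] ^= o ^ n
    return bytes(out)


# --- Scheme 2: encrypt-then-MAC, tag checked before any decryption --------
def encrypt_then_mac(enc_key, mac_key, plaintext):
    blob = encrypt_unauth(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def decrypt_then_verify(enc_key, mac_key, msg):
    blob, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time compare
        raise ValueError("authentication failed")  # cipher is never reached
    return decrypt_unauth(enc_key, blob)


def demo(enc_key=b"k" * 16, mac_key=b"m" * 16):
    """Returns (plaintext forced out of scheme 1, whether scheme 2 rejected it)."""
    plaintext = b"role=guest;uid=1"          # constructed 16-byte sample
    off = plaintext.index(b"guest")
    forged = tamper(encrypt_unauth(enc_key, plaintext), off, b"guest", b"admin")
    forced = decrypt_unauth(enc_key, forged)
    msg = encrypt_then_mac(enc_key, mac_key, plaintext)
    try:
        decrypt_then_verify(enc_key, mac_key, tamper(msg, off, b"guest", b"admin"))
        rejected = False
    except ValueError:
        rejected = True
    return forced, rejected


if __name__ == "__main__":
    print(demo())
```

The attacker in `demo` never sees the key: flipping `old ^ new` into the IV turns `role=guest` into `role=admin` on decryption, which is exactly the "feed it back with slight alterations" loop the post warns about. The fix is not a stronger cipher but a MAC over `iv||ciphertext`, checked with a constant-time comparison before decryption, so any altered ciphertext is dropped without leaking padding or plaintext state.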

[TOOL] The Metabrik Platform

Posted by GomoR on Jan 15

Hi list,

I would like to introduce you to The Metabrik Platform, please find a
complete description below.

For the impatient, you can see it in action at the following link:
http://www.metabrik.org/blog/2016/01/09/malware-analysis-with-vm-instrumentation-wmi-winexe-volatility-and-metabrik/

The Metabrik Platform binds together a classic Shell with a Perl
interpreter as a REPL (Read-Eval-Print-Loop) and a ton of small Briks.
Briks are reusable…