Obviously, this may be of interest to authors of security software that
aims to mitigate exploitation of 0-day: it should be possible to:
1) actively reserve memory regions referenced by such pointers to
prevent allocation by an exploit. The additional address space
fragmentation should not be a problem for most applications, but I have
no data, so you might want to consider:
2) analyze various binaries for their use of magic values, and actively…
Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not always) been chosen to coincide with addresses that fall
outside of the user-land address space on 32-bit versions of the
Operating System. This can…
Attached is a test case for causing a crash in libical 0.47 (shipped with Thunderbird) and this was also tested against
1.0 (various versions shipped with various email clients).
=================================================================
==24662==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000004fbb80 bp 0x7ffd68d966f0 sp 0x7ffd68d96520 T0)
    #0 0x4fbb7f in icalproperty_new_clone…
I would like to report an HTTP header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers into a
request and even create a new evil request.
PoC
require 'net/http'
http = Net::HTTP.new('192.168.30.214', 80)
res = http.get("/r.php HTTP/1.1\r\nx-injection: memeda")
I've released a Proof-of-Concept HTML page that uses JavaScript typed
arrays in 32-bit Chrome and Firefox on 64-bit Windows to allocate
address 0xDEADBEEF and store the value 0xBADC0DED there. You can find
this and details on the implementation at http://blog.skylined.nl/20160622001.html.
That page also contains a write-up on CVE-2014-1736, a vulnerability in
32-bit Chrome on 64-bit Windows that allows arbitrary read & write that
was…
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to…