Re: The Misfortune Cookie Vulnerability

Posted by Shahar Tal on Dec 22

Well noted.
I do trust members of this list to help release the information I couldn’t.

Cheers,
Shahar

________________________________
From: Michal Zalewski
Sent: Friday, December 19, 2014 6:56:20 AM
To: Shahar Tal
Cc: fulldisclosure () seclists org
Subject: Re: [FD] The Misfortune Cookie Vulnerability

I think you might have accidentally pasted the wrong link. This one
doesn’t seem to contain additional information.

Cheers,
/mz…

Re: The Misfortune Cookie Vulnerability

Posted by Shahar Tal on Dec 22

Hi Sandro,
As I commented before, we are bound by policy that is out of my personal reach at the moment.
I can tell you, however, that when any independent researcher looks into the HTTP cookie parsing function in the
RomPager 4.07 binary, his bounds will not be checked.

Cheers,
Shahar

From: Sandro Gauci [mailto:sandro () enablesecurity com]
Sent: Friday, 19 December 2014 09:57
To: Michal Zalewski
Cc: Shahar Tal; fulldisclosure () seclists…

Defense in depth — the Microsoft way (part 24): applications built with SDKs may be vulnerable

Posted by Stefan Kanthak on Dec 22

Hi @ll,

in their software development kits Microsoft typically ships
Visual C++ (cross) compilers with headers and libraries,
including the MSVCRT for both static and dynamic linking.

The compiler(s) and the libraries are almost never updated (the
only update I know is <https://support.microsoft.com/kb/949408>),
not even when a vulnerability has been detected and patched;
sometimes they are even outdated when the SDK ships.

The result:…

Re: The Misfortune Cookie Vulnerability

Posted by Sandro Gauci on Dec 22

The most technical it seems to get is the following:

<quote>
The Misfortune Cookie vulnerability is exploitable due to an error within
the HTTP cookie management mechanism present in the affected software,
allowing an attacker to determine the ‘fortune’ of a request by
manipulating cookies. Attackers can send specially crafted HTTP cookies
that exploit the vulnerability to corrupt memory and alter the application
state. This, in…

BBC about Ukrainian Cyber Forces

Posted by MustLive on Dec 22

Hello participants of Mailing List.

After the article about me and Ukrainian Cyber Forces on Global Voices
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-December/009065.html),
here is the article on the BBC. I gave an interview to both of these journalists.

Ukraine conflict: Hackers take sides in virtual war
http://www.bbc.com/news/world-europe-30453069

Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator…

CVE-2014-9330: Libtiff integer overflow in bmp2tiff

Posted by Project Zero Labs on Dec 22

----------
Background
----------

Libtiff provides support for the Tag Image File Format (TIFF), a widely
used format for storing image data.

----------------
Software Version
----------------

All tests were performed using libtiff 4.0.3

-----------
Description
-----------

Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow
issue related to the dimensions of the input BMP image. The issue
resulted in an out-of-bounds…

VP-2014-004 SysAid Server Arbitrary File Disclosure

Posted by Vantage Point Security on Dec 22

Vantage Point Security Advisory 2014-004
========================================

Title: SysAid Server Arbitrary File Disclosure
ID: VP-2014-004
Vendor: SysAid
Affected Product: SysAid On-Premise
Affected Versions: < 14.4.2
Product Website: http://www.sysaid.com/product/sysaid
Author: Bernhard Mueller <bernhard[at]vantagepoint[dot]sg>

Summary:

SysAid Server is vulnerable to an unauthenticated file disclosure
attack that allows an…

Re: iBackup v10.0.0.45 – Privilege Escalation Vulnerability

Posted by LayerSEC Ltd on Dec 22

Already disclosed
http://www.exploit-db.com/exploits/35040/

# Exploit Title: iBackup <= 10.0.0.32 Local Privilege Escalation
# Date: 23/01/2014
# Author: Glafkos Charalambous <glafkos.charalambous[at]unithreat.com>
# Version: 10.0.0.32
# Vendor: IBackup
# Vendor URL: https://www.ibackup.com/
# CVE-2014-5507

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf Of Vulnerability Lab…

Graylog2-Web LDAP Injection – CVE-2014-9217

Posted by J. Tozo on Dec 22

=====[Alligator Security Team - Security Advisory]========

 - Graylog2-Web LDAP Injection - CVE-2014-9217
 - Author: José Tozo < juniorbsd () gmail com >

=====[Table of Contents]==================================

1. Background
2. Detailed description
3. Other contexts & solutions
4. Timeline
5. References

=====[1. Background]======================================

Graylog2 is a free and open source system that allows you to centralize,…

Re: The Misfortune Cookie Vulnerability

Posted by Gynvael Coldwind on Dec 22

To be honest I’m getting rather annoyed by how Check Point is (mis)handling
this vulnerability. I mean, there is already a “cool marketing name”, there
is a website dedicated to it, there is already this huge FAQ not answering
the basic questions, etc.
But there is no information on it except for “vulnerability in the Cookie
parsing module of these SOHO”.

Seriously, if you can’t disclose the vulnerability yet,…