I managed to get a number of CVEs last year, but towards the end of the
year they simply stopped replying, so I’ve given up. Whether they stopped
replying due to workload, or whether my submissions were not up to their
requirements, I’m not sure.
If you find out any more, I’d be interested in knowing why they’ve stopped
assigning CVEs to certain submission sources.
I have recently found an exploitable heap overflow in a core OS X driver.
Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of
any kind.
Red Hat Security Advisory 2015-0698-01 – Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Ubuntu Security Notice 2536-1 – Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
Red Hat Security Advisory 2015-0699-01 – PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.
Red Hat Security Advisory 2015-0700-01 – The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip’s ‘-t’ option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip’s ‘-t’ option.
Gentoo Linux Security Advisory 201503-10 – Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.