is also possible to remotely exploit this
vulnerability without having "physical access."
Full description:
-
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
Regards,
Hector Marco & Ismael Ripoll.
unfortunately it was still present
in current Linux systems.
Details at:
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
Best,
Hector.
--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat
). And so, the attacker may
take control of the computer.
More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Regards,
Hector Marco & Ismael Ripoll.
--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.up
-by-eight.html
We sent a patch, and Linux 4.1 Will Improve AMD Bulldozer's ASLR Entropy Issue:
http://www.spinics.net/lists/linux-tip-commits/msg27373.html
--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de Val
).
Advisory details at:
http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)
at:
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
Regards,
Hector Marco.
http://hmarco.org
,
Hector Marco.
http://hmarco.org
exploit, recommendations and a demonstrative video have been
published at: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
Hector Marco.
http://cybersecurity.upv.es
Space Layout Randomisation ASLR
And execute arbitrary code with root privileges.
Exploit, fix and discussion in:
http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
Regards,
Hector Marco.
http://hmarco.org
Cybersecurity researcher at:
http://cybersecurity.upv.es/
On 05/06/14 12:02, Daryl Tester wrote:
On 03/06/14 23:46, Hector Marco wrote:
Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.
...
Any comments about this issue are welcomed.
Details at:
http://hmarco.org/bugs/bash_4.3
ore difficult to exploit. So, the drop privilege code
makes more sense nowadays than when it was initially coded.
2014-06-03 16:16 GMT+02:00 Hector Marco :
Hi everyone,
Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.
We thi
attack.
We strongly recommend patching your bash code.
Why not fix this bug by simply adding a mandatory "if" clause?
Any comments about this issue are welcomed.
Details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html
Thank you,
Hector Marco
http://hmarco.org
4.3 this vulnerability can be
successfully exploited. Bash bug details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html
Hector Marco
http://hmarco.org
are:
- dcmpsrcv
- dcmprscp
- movescu
- storescp
- dcmqrscp
- wlmscpfs
- dcmrecv
Details, patches, discussion and strategy to exploit at:
http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
Hector Marco
http://hmarco.org
at:
http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
Because we found a bug in bash <= 4.3 this vulnerability can be
successfully exploited. Bash bug details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html
Hector Marco
http://hmarco.org
:
http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
Because we found a bug in bash <= 4.3 this vulnerability can be
successfully exploited. Bash bug details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html
Hector Marco
http://hmarco.org
Hi guys,
The following is a bug that we found while we were working around
stack smashing protection techniques.
Title: CVE-2013-4788 - Eglibc PTR MANGLE bug
0.- Description
This bug was discovered in March 2013 while we were developing the RAF