GO SUCK A LEMON
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Lane
Christiansen
Sent: 31. august 2009 06:07
To: John Q Publix
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Why FD
I've released an exploit for the Linux sock_sendpage() NULL pointer
dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit
was written to illustrate the exploitability of this vulnerability on
Power/Cell BE architecture.
The exploit makes use of the SELinux and the
On Sun, 30 Aug 2009 01:09:55 BST, lsi said:
The biological metaphor does suggest that Microsoft would take some
kind of evasive action, and I think their only option is to license
unix, just as Apple did (although Apple did it for different
reasons). Doing this will solve many problems,
Confirmed.
Ask yourselves why your fuzzers haven't found that one - Combination of
MKDIR are required before reaching vuln code ?
--
http://blog.zoller.lu
Thierry Zoller
___
Full-Disclosure - We believe in it.
Charter:
Dear Thierry Zoller,
I think yes, MKDIR is required. It should be a variation of
S99-003/MS02-018. A fuzzer should be very smart to create a directory and
use both an oversized buffer and ../ in NLST - it makes the path longer than
MAX_PATH with an existing directory.
--Monday, August 31,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1875-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2009
Hello list,
I have to clarify some things on the globbing vulnerability here.
The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers,
IIS6 ftp server IS affected by the buffer overflow but is properly protected
by stack canaries. AFAIK it looks like a DoS on Windows Server 2003.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
1. *Advisory Information*
Title: Dnsmasq Heap Overflow and
The readers did decide, that's why he's banned. If you still like
reading his garbage go find whatever bridge he's currently living
under and subscribe. If you believe that the days with n3td3v on the
list were FD's glory days you're either ignorant or stupid.
On Mon, Aug 31, 2009 at 1:56 AM,
why would anyone write a 0day with...
# bug found exploited by Kingcope, kcope2atgooglemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8
... then plaster it all over the internet? have you forgotten what
you, yourself wrote?
if you guys really wanna
Nice find Kingcope,
As Thierry mentioned it, I guess it was a pain to find it, nice one as
always, your finding rocks.
Cheers
2009/8/31 r1d1nd1rty r1d1nd1...@hush.com
why would anyone write a 0day with...
# bug found exploited by Kingcope, kcope2atgooglemail.com
# Affects IIS6 with stack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2009-0011
Synopsis: VMware Studio 2.0 addresses a security issue in the
public