On Wed, 2 Oct 2002, buzheng wrote:
I do not think this is a new bug.
I completely agree.
But, the remote setting of TTYPROMPT does matter. You cannot succeed in
login without remotely changing the TTYPROMPT. This is also the bug
mentioned in Jonathan's original letter (bid:5531).
That's
and incremental) for UDP and ICMP
packets. The interesting thing with TCP, though, is that it can be
exploited to perform an idle scan, while i don't see security implications
with UDP and ICMP, despite the obvious information leak.
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http
packets tramitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 53.7/56.4/59.1 ms
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
may also be
affected) i've the feeling they're not going to fix this any time soon: in the
next days i'll see if i can find some spare time to dig a bit into kernel
code to identify the cause and maybe even provide a patch.
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05
all the major ISPs to
break regular DNS functionality and override these censored records:
http://www.aams.it/site.php?page=20060213093814964op=download
Italy is the first democratic country to do something like that, AFAIK.
Just my 2 euro-cents,
--
Marco Ivaldi
Antifork Research, Inc. http
not terribly uncommon to find such setups, which allow
to escalate privileges from DBMS user to OS user... Therefore, i thought it
would have been nice to share this proof-of-concept code with the security
community;)
Ciao,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05
/2002/10/msg00020.html
[2] http://www.0xdeadbeef.info/exploits/raptor_rlogin.c
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
user. This may have some small security implications: i suppose an
additional check on the ownership of the libraries wouldn't hurt here.
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
://www.security-database.com/toolswatch/AS-400-Auditing-Framework-Beta.html
Cheers,
--
Marco Ivaldi, OPST
Red Team Coordinator Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
of tests performed on other distros and
configurations.
Thanks to Solar Designer and Andrea Barisani for the interesting
discussion on this topic.
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
[EMAIL PROTECTED]:~$ #
[EMAIL
and auditors
to spot some other timing leaks.
Cheers,
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
-end has landed!
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
$10$KZFZX7yYEpbfDvwP6Z5N5ut4Gc/rdIF64/TmpWssIPQvROTiK/TiG:13433:0:9:7:::
[password has been manually changed to test321]
[EMAIL PROTECTED]: ./sshtime localhost dict
sshtime v0.1 - Simple OpenSSH remote timing attack tool
Copyright (c) 2006 Marco Ivaldi [EMAIL PROTECTED]
[EMAIL PROTECTED
. Exploiting this requires the same permission levels that would be
required to change or access the password anyway. Where's the realistic
security threat?
Rob
--
--
Marco Ivaldi OPSA, OPST, OWSE, QSA, ASV
Senior
.com/0xdea/raptor_infiltrate19
Regards,
--
Marco Ivaldi, SAT Manager
CISSP, OSCP, QSA, ASV, OPSA, OPST, OWSE, LA27001, PRINCE2F
@Mediaservice.net S.r.l. con Socio Unico
https://www.mediaservice.net/
@Mediaservice.net (Cybaze Group) Security Advisory #2019-01 (updated on
2019-05-08)
Ti
et/2019/10/local-privilege-escalation-on-solaris-11-x-via-xscreensaver/
https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver
Regards,
--
Marco Ivaldi, SAT Manager
CISSP, OSCP, QSA, ASV, OPSA, OPST, OWSE, LA27001, PRINCE2F
@Mediaservice.net S.r.l. con Socio U
rtial contents
of sensitive files. Due to the fact that target files must be in a very
specific format, exploitation of this flaw to escalate privileges in a
realistic scenario is unlikely."
Regards,
--
Marco Ivaldi, Offensive Security Manager
CISSP, OSCP, QSA, ASV, OPSA, OPST, OWSE, LA27001
ion/
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c
Regards,
--
Marco Ivaldi, Offensive Security Manager
CISSP, OSCP, QSA, ASV, OPSA, OPST, OWSE, LA27001, PRINCE2F
@Mediaservice.net S.r.l. con Socio Unico
https://www.mediaservice.net/
Tel: +39 011 19016595 | Fa
18 matches