Original URL: http://hkpco.kr/advisory/CVE-2013-1059.txt
Linux Kernel libceph Null Pointer Dereference Vulnerability
(CVE-2013-1059)
Author - Chanam Park (@hkpco)
Website - http://hkpco.kr/
Date - 2013. 07. 06
0. Introduction
This is a very brief advisory just to record the
Are you really that dumb or are you just pretending?
The crash you showed does not control eip. It's not even write access
violation. Instead it's READ access violation. And you try to write into the
register (not even arbitrary memory, hence even if read is successful you may
or may not gain
Hi All,
Ground Zero Infosec Summit is an initiative of independent apex
not-for-profit body and is an outcome of an alliance between industry and
Government of India to tackle emerging cyber security threats against
critical information infrastructure. The summit is supported by the Govt.
of
My initial thoughts after adding the user and rebooting was that it was
only valid in the recovery console session or something as once I rebooted
it was gone...
Tried it again today in a different place and same deal. Reboot no new
user...
Anyone have this working after reboot?
Once you've
1. The crash you showed does not control eip
(it's not a stack-based bof)
2. not even arbitrary memory
(check further instructions)
On Wed, Jul 10, 2013 at 3:03 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
Hello list,
regarding to nonsense VLC post
On Wed, Jul 10, 2013 at 10:57 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
1. The crash you showed does not control eip
(it's not a stack-based bof)
And? You still need to control EIP or the exploit doesn't, you know,
actually work. :P
2. not even arbitrary memory
(check
You're either lazy
I did
I really don't appreciate your troll (without any investigation
and analysis)
On Wed, Jul 10, 2013 at 3:03 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
Hello list,
regarding to nonsense VLC post
Mario,
As far as I see, the code snippet provided (the only insn) dereferences an
attacker-controlled value. What happens next is not really clear since it
is only one insn in the dump and I am too lazy to actually install VLC and
dig in, but it shows that you can at least control the contents of
On 30 June 2013 16:57, Kingcope wrote:
The US is spying on us .. Huh? Why didn't you tell us before !
He's also the only one still detecting communism in 2013...
--
Marco Ermini
root@human # mount -t life -o ro /dev/dna /genetic/research
http://www.linkedin.com/in/marcoermini
Jesus saves...
It won't.
The whole point is to have full local access to hard-drives (from a locked
workstation for eg), to modify/read things in it.
The loaded environment IS a live environment. I would say: almost a copy of
the install CD loaded from the hard-drive.
What you can do is : take the SAM, modify
View online: https://drupal.org/node/2038801
* Advisory ID: DRUPAL-SA-CONTRIB-2013-056
* Project: Stage File Proxy [1] (third-party module)
* Version: 7.x
* Date: 2013-July-10th
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple
View online: https://drupal.org/node/2038363
* Advisory ID: DRUPAL-SA-CONTRIB-2013-055
* Project: Hatch [1] (third-party theme)
* Version: 7.x
* Date: 2013-July-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2038807
* Advisory ID: DRUPAL-SA-CONTRIB-2013-057
* Project: TinyBox (Simple Splash) [1] (third-party module)
* Version: 7.x
* Date: 2013-July-10
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
Title:
==
Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
Date:
=
2013-07-09
References:
===
http://www.vulnerability-lab.com/get_content.php?id=1000
VL-ID:
=
1000
Common Vulnerability Scoring System:
6.7
Hi List,
today, we will show a bug concerning OpenSSH. OpenSSH is the most used
remote control software nowadays on *nix like operating systems. Legacy
claims it replaced unencrypted daemons like rcp, rsh and telnet. Find a
version at: https://www.openssh.com.
By testing several OpenSSH
Hi @ll,
the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
components:
1. Adobe Flash Player Plugin 11.5.502.110
| X:\filever.exe /S %ProgramFiles%\Adobe\npswf*.dll
|x:\program files\adobe\reader 11.0\reader\npswf*.dll
| --a-- W32i DLL ENU11.5.502.110
(see attachment)
Kingcope
ngxunlock.pl
Description: Binary data
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability
FOREGROUND SECURITY, SECURITY ADVISORY 2013-001
- Original release date: July 10, 2013
- Discovered by: Adam Willard (Software Security Analyst at Foreground
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
While the detail is satisfying, I think this could all be filed under a
single CVE entitled Almost all Windows software ships outdated MSVC and
other Microsoft runtime components in direct contravention of the
license.
I gave up trying to report this sort of thing back with Dropbox, years
ago,
On Jul 10, 2013 1:51 PM, Gregory Boddin greg...@siwhine.net wrote:
It won't.
The whole point is to have full local access to hard-drives (from a
locked workstation for eg), to modify/read things in it.
The loaded environment IS a live environment. I would say: almost a copy
of the install CD
Haven't tried but let's say we can copy the SAM off the box somehow,
recovery console is running as system which can read the SAM and
Did Candlejack get you or somethi
On Jul 10, 2013 9:16 PM, some one s3cret.squir...@gmail.com wrote:
On Jul 10, 2013 1:51 PM, Gregory Boddin greg...@siwhine.net wrote:
It won't.
The whole point is to have full local access to hard-drives (from a
locked workstation for eg), to modify/read things in it.
The loaded
Oh you're one of the group that's been pounding ports over the last couple months
from a block of /28's and /30's ?
Sure do appreciate the kind regard and heads up.
Funny how about a week to two weeks after that ends your report shows up here.
Good going... This is old knowledge and research is
I haven't tried this yet but it makes sense.
To avoid linearization attacks from figuring out sensitive data, there are
specific precautions that are taken. (some UNIX login program had a similar
timing issue if I am not mistaken).
From the looks of it, sshd is looking for the username in some file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-2719-1 secur...@debian.org
http://www.debian.org/security/ Michael Gilbert
July 10, 2013