Dan Kaminsky
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program.
(CVE-2009-2404)
Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2408)
--- On Tue, 1/5/10, T Biehn <tbiehn@gmail.com> wrote:
> From: T Biehn <tbiehn@gmail.com>
> Subject: Re: [Full-disclosure] [Tool] DeepToad 1.1.0
> To: "Dan Kaminsky" <dan@doxpara.com>
> CC: "Joxean Koret" <joxeankoret@yahoo.es>, "Full Disclosure" <full-disclosure@lists.grok.org.uk>, bugtraq@securityfocus.com
> Date: Tuesday, January 5, 2010 15:56
> I can see what you're saying, it
> could be useful for finding
> differences in different versions of the same binary but
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
Although DNS cache poisoning attacks are not new, security researcher
Dan Kaminsky of IOActive recently presented a technique that makes DNS
cache poisoning attacks more likely to succeed. Cisco would like to
thank Dan Kaminsky for notifying vendors about his findings.
Note that vulnerability information for Cisco IOS Software is being
provided in this advisory outside of the announced publication schedule
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
> Sent: Thursday, June 02, 2011 6:00 PM
> To: security@acrossecurity.com; 'Dan Kaminsky'
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] COM Server-Based Binary
> Planting ProofOfConcept
>
> But it *is* worth mentioning that you have to create the
Michael Wojcik wrote:
>> From: Stefan Kanthak [mailto:stefan.kanthak@nexgo.de]
>> Sent: Saturday, 06 February, 2010 08:21
>>
>> Dan Kaminsky wrote:
>>
>> [...]
>>
>> > (On a side note, you're not going to see this sort of symlink stuff
>> > on Windows,
Credits
=======
Dan Kaminsky is credited with originally discovering this vulnerability.
References
==========
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2730)
will arrive at the DNS server much earlier than the legitimate reply from some
Name Server.
This attack was discovered and announced by Dan Kaminsky of Doxpara Research in
July 2008.
02 Features
-----------
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Bind. A remote attacker could exploit this to spoof DNS entries and
poison DNS caches. Among other things, this could lead to misdirected
email and web traffic.
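The race these DNS advisories describe (a forged answer has to carry the right 16-bit transaction ID and arrive on the right UDP source port before the legitimate reply does) is modelled in the added C example below. It is not code from BIND, dnsmasq or Cisco; the resolver model, the 1024-65535 port range, the attacker budget of 700 forged replies per round and the PRNG are assumptions chosen for illustration. It shows why a resolver that reuses one source port (dnsmasq before 2.45, CVE-2008-1447) leaves only the transaction ID to guess, and why asking for a fresh uncached name each round, Kaminsky's contribution, removes the TTL wait between attempts so a few hundred rounds suffice.

```c
#include <stdint.h>
#include <stdio.h>

/* Deterministic counter + murmur3 finaliser so every run is reproducible offline. */
static uint32_t rng_state = 0u;
static void rng_seed(uint32_t s) { rng_state = s; }
static uint32_t rng_next(void)
{
    uint32_t z = (rng_state += 0x9E3779B9u);
    z ^= z >> 16; z *= 0x85EBCA6Bu;
    z ^= z >> 13; z *= 0xC2B2AE35u;
    z ^= z >> 16;
    return z;
}

/* Assumption: a randomising resolver draws source ports uniformly from 1024..65535. */
#define PORT_LO   1024u
#define PORT_SPAN (65536u - PORT_LO)

struct resolver_cfg {
    int randomize_port;   /* 0: one source port for every query; 1: fresh random port per query */
    uint16_t fixed_port;  /* when not randomised, the attacker already knows it (from a query to their own NS) */
};

struct outstanding_query {
    uint16_t txid;   /* 16-bit DNS transaction ID */
    uint16_t sport;  /* UDP source port the answer must come back to */
};

static uint16_t random_port(void) { return (uint16_t)(PORT_LO + rng_next() % PORT_SPAN); }

static struct outstanding_query resolver_send_query(const struct resolver_cfg *cfg)
{
    struct outstanding_query q;
    q.txid  = (uint16_t)rng_next();
    q.sport = cfg->randomize_port ? random_port() : cfg->fixed_port;
    return q;
}

/* Everything a classic resolver checks before trusting a UDP answer. */
static int reply_accepted(const struct outstanding_query *q, uint16_t txid, uint16_t dport)
{
    return q->txid == txid && q->sport == dport;
}

/* One round: the attacker makes the resolver look up a fresh, uncached name under
 * the victim zone (so nothing is cached and there is no TTL to wait out) and fires
 * `forged_replies` guesses at it before the real answer lands.
 * Returns 1 if any forged reply would have been cached. */
static int kaminsky_round(const struct resolver_cfg *cfg, int forged_replies)
{
    struct outstanding_query q = resolver_send_query(cfg);
    for (int i = 0; i < forged_replies; i++) {
        uint16_t guess_txid = (uint16_t)rng_next();
        uint16_t guess_port = cfg->randomize_port ? random_port() : cfg->fixed_port;
        if (reply_accepted(&q, guess_txid, guess_port))
            return 1;
    }
    return 0;
}

/* Empirical per-round success rate over `rounds` independent rounds. */
static double poison_rate(int randomize_port, int forged_replies, int rounds, uint32_t seed)
{
    struct resolver_cfg cfg = { randomize_port, 53 };
    int wins = 0;
    rng_seed(seed);
    for (int r = 0; r < rounds; r++)
        wins += kaminsky_round(&cfg, forged_replies);
    return (double)wins / (double)rounds;
}

/* Analytic per-round rate 1 - (1 - 1/space)^n, where `space` is the number of
 * (txid, port) combinations the attacker must guess: 65536 with a fixed port,
 * 65536 * PORT_SPAN with a randomised one. */
static double expected_rate(double space, int forged_replies)
{
    double miss = 1.0;
    for (int i = 0; i < forged_replies; i++)
        miss *= 1.0 - 1.0 / space;
    return 1.0 - miss;
}

int main(void)
{
    const int replies = 700, rounds = 2000;
    printf("fixed port : empirical %.4f  expected %.4f\n",
           poison_rate(0, replies, rounds, 42u), expected_rate(65536.0, replies));
    printf("random port: empirical %.6f  expected %.9f\n",
           poison_rate(1, replies, rounds, 42u), expected_rate(65536.0 * PORT_SPAN, replies));
    return 0;
}
```

With the fixed port roughly one round in a hundred succeeds at this budget, so the attacker needs on the order of a hundred rounds, each of which it can trigger immediately by picking a new random label. Randomising the port multiplies the search space by the number of possible ports, which is why the 2008 multi-vendor patch was source-port randomisation rather than a protocol change.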
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-2408
Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate (MFSA 2009-42).
CVE-2009-2404
Problem type : local(remote)
Debian-specific: no
Debian bug : 540958
CVE Ids : CVE-2009-2663 CVE-2009-3379
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered
that libvorbis, a library for the Vorbis general-purpose compressed
audio codec, did not correctly handle certain malformed ogg files. An
attacker could cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a crafted .ogg
file.
Package: net-dns/dnsmasq    Vulnerable: < 2.45    Unaffected: >= 2.45
Description
===========
* Dan Kaminsky of IOActive reported that dnsmasq does not randomize
UDP source ports when forwarding DNS queries to a recursing DNS
server (CVE-2008-1447).
* Carlos Carvalho reported that dnsmasq in the 2.43 version does not
properly handle clients sending inform or renewal queries for unknown
After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.
Details follow:
Dan Kaminsky discovered that SSL certificates signed with MD2 could be
spoofed given enough time. As a result, an attacker could potentially
create a malicious trusted certificate to impersonate another site. This
update handles this issue by completely disabling MD2 for certificate
validation in OpenJDK. (CVE-2009-2409)
* The vendor reported that Fetchmail does not properly handle Common
Name (CN) fields in X.509 certificates that contain an ASCII NUL
character. Specifically, the processing of such fields is stopped at
the first occurrence of a NUL character. This type of vulnerability
was recently discovered by Dan Kaminsky and Moxie Marlinspike
(CVE-2009-2666).
Impact
======
Problem type : remote
Debian-specific: no
Debian bug : 546212
CVE ID : CVE-2009-2702
Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from
the official KDE release, does not properly handle a '\0' character in a domain
name in the Subject Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
could lead to local denial of service if a malformed filesystem image is
mounted.
CVE-2011-3188
Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.
CVE-2011-3191
Scott Cantor reported that cURL does not properly handle fields in
X.509 certificates that contain an ASCII NUL (\0) character.
Specifically, the processing of such fields is stopped at the first
occurrence of a NUL character. This type of vulnerability was recently
discovered by Dan Kaminsky and Moxie Marlinspike.
Impact
======
A remote attacker might employ a specially crafted X.509 certificate
of the issue, and naturally inducing press stunts by some individuals,
including "accidental" information leaks and hasty exploit releases.
Many other, more relaxed researchers, who had figured out the attack and
had coded working exploits within a few hours (which, by the way, was
incredibly easy to do, knowing that an undocumented attack actually
existed), decided to coordinate with Dan Kaminsky, who had organized a
huge multi-vendor security patch, and withhold information for the
proposed 30 days.
SEC Consult's researchers were among the first to write a working "fast
cache poisoning" exploit, details of which will now be published in a
On Feb 6, 2010, at 8:21 AM, "Stefan Kanthak" <stefan.kanthak@nexgo.de>
wrote:
> Dan Kaminsky wrote:
>
> [...]
>
>> (On a side note, you're not going to see this sort of symlink stuff
>> on
Debian-specific: no
Debian bug : 541439
CVE Ids : CVE-2009-2409 CVE-2009-2730
Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of
the TLS/SSL protocol, does not properly handle a '\0' character in a domain name
in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)
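The '\0'-in-name bug reported on this page against NSS, GnuTLS, cURL, Fetchmail, kdelibs and icedove comes down to one C idiom: a DER string, which carries an explicit length and may legally contain 0x00, is copied into a char buffer and handed to a NUL-terminated string routine, so everything after the first 0x00 is never compared. The added example below is not code from any of those projects; it places that vulnerable comparison beside a length-aware one. The certificate bytes (EVIL_CN, LEGIT_CN), the host names and the 256-byte buffer are constructed for illustration, and wildcard matching and Subject Alternative Name handling are deliberately left out.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* A decoded X.509 name attribute value as a DER decoder hands it over:
 * pointer plus explicit length, not NUL-terminated, 0x00 bytes allowed. */
struct x509_name_value {
    const unsigned char *data;
    size_t len;
};

/* Constructed test data, not taken from any real certificate. A CA that validates
 * control of the rightmost labels sees a name under attacker.example; a client
 * that stops at the NUL sees "www.bank.example". */
static const unsigned char EVIL_CN_BYTES[] = "www.bank.example\0.attacker.example";
static const struct x509_name_value EVIL_CN = { EVIL_CN_BYTES, sizeof EVIL_CN_BYTES - 1 };

static const unsigned char LEGIT_CN_BYTES[] = "www.bank.example";
static const struct x509_name_value LEGIT_CN = { LEGIT_CN_BYTES, sizeof LEGIT_CN_BYTES - 1 };

/* strcasecmp-style equality: walks both C strings until the first NUL. */
static int cstr_equal_nocase(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Vulnerable pattern: the DER bytes become a C string, so the comparison ends at
 * the embedded 0x00 and the attacker's suffix is never examined. */
static int cn_matches_host_vulnerable(const struct x509_name_value *cn, const char *host)
{
    char buf[256];
    if (cn->len >= sizeof buf)
        return 0;
    memcpy(buf, cn->data, cn->len);
    buf[cn->len] = '\0';
    return cstr_equal_nocase(buf, host);
}

/* Fixed version: keep (pointer, length) throughout, reject any 0x00 byte outright
 * (no DNS name contains one), and compare exactly cn->len bytes. */
static int cn_matches_host_safe(const struct x509_name_value *cn, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(cn->data, 0, cn->len) != NULL)
        return 0;
    if (cn->len != hlen)
        return 0;
    for (size_t i = 0; i < hlen; i++)
        if (tolower(cn->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}
```

The rejection of embedded NULs is the important half: comparing the full DER length alone would already fail the evil name, but refusing such names outright also protects every other consumer (logging, display, CA-side validation) that might later fall back to C-string handling.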
- Charles Miller, Real World Fuzzing
CONFERENCE - Fri, Oct 19th to Sun, Oct 21st - $70
- Dan Kaminsky, Black Ops 2007: Design Reviewing the Web
- Charles Miller, Fuzzing with Code Coverage by Example
- Remorse, Textella: An Alternative Application of Peer to Peer
Structured Networks
- Matt Miller, Cthulhu: A software analysis framework built on Phoenix
- Scott Moulton, Advanced Hacking Flash/Hard Drive Recoveries
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2469
Dan Kaminsky discovered that libspf2, an implementation of the Sender
Policy Framework (SPF) used by mail servers for mail filtering, handles
malformed TXT records incorrectly, leading to a buffer overflow
condition (CVE-2008-2469).
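The advisory says libspf2 mishandles malformed TXT records. A TXT RDATA is a sequence of <length-octet><up to 255 bytes> items that SPF consumers concatenate into one policy string, so a length octet that claims more bytes than the record still holds is the classic way a parser of this format reads or writes past its buffer. The added C example below is not libspf2's code: it is a bounds-checked concatenation of the character-strings plus a helper that reports how far a parser trusting the length octets would read beyond the record. The sample records (GOOD_TXT, BAD_TXT) are constructed, not captured from any zone.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Concatenate the <length-octet><character-string> items of one TXT RDATA into
 * `out` as a NUL-terminated string, with no separators (how SPF joins them).
 * Returns the concatenated length, or -1 when a length octet claims more bytes
 * than the RDATA still holds or the output buffer would overflow. */
static int txt_rdata_concat(const unsigned char *rdata, size_t rdlen,
                            char *out, size_t outcap)
{
    size_t pos = 0, o = 0;
    if (outcap == 0)
        return -1;
    while (pos < rdlen) {
        size_t n = rdata[pos++];            /* untrusted until both checks pass */
        if (n > rdlen - pos)
            return -1;                      /* would read past the record */
        if (n > outcap - 1 - o)
            return -1;                      /* would write past the caller's buffer */
        memcpy(out + o, rdata + pos, n);
        o += n;
        pos += n;
    }
    out[o] = '\0';
    return (int)o;
}

/* How many bytes a parser that trusts the length octets would read beyond the
 * end of the RDATA (0 for a well-formed record). */
static size_t txt_rdata_overrun(const unsigned char *rdata, size_t rdlen)
{
    size_t pos = 0;
    while (pos < rdlen) {
        size_t n = rdata[pos++];
        if (n > rdlen - pos)
            return n - (rdlen - pos);
        pos += n;
    }
    return 0;
}

/* Constructed sample records. GOOD_TXT is a two-string SPF policy; BAD_TXT has a
 * length octet of 0x20 (32) but only 6 bytes behind it. */
static const unsigned char GOOD_TXT[] = "\x07v=spf1 \x19include:_spf.example -all";
static const size_t GOOD_TXT_LEN = sizeof GOOD_TXT - 1;
static const unsigned char BAD_TXT[] = "\x20v=spf1";
static const size_t BAD_TXT_LEN = sizeof BAD_TXT - 1;

int main(void)
{
    char policy[512];
    int n = txt_rdata_concat(GOOD_TXT, GOOD_TXT_LEN, policy, sizeof policy);
    printf("good record: %d bytes: %s\n", n, n < 0 ? "(rejected)" : policy);
    n = txt_rdata_concat(BAD_TXT, BAD_TXT_LEN, policy, sizeof policy);
    printf("bad record : %d (trusting parser would overrun by %zu bytes)\n",
           n, txt_rdata_overrun(BAD_TXT, BAD_TXT_LEN));
    return 0;
}
```

Both checks are against the remaining size, never against the claimed length, so the arithmetic cannot wrap; the output-capacity check also matters because a record split into several 255-byte strings can legitimately exceed a fixed-size SPF buffer.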
Note that the SPF configuration template in Debian's Exim configuration