In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices.
HISTORY
Version:1 (rev.1) - 30 November 2011 Initial release
Version:2 (rev.2) - 23 December 2011 Code signing firmware available
Version:3 (rev.3) - 9 January 2012 Combined tables
Version:4 (rev.4) - 17 February 2012 Added printers, updated firmware versions
Version:5 (rev.5) - 19 March 2012 Added printers, updated firmware versions
Version:6 (rev.6) - 26 April 2012 Added printers, reformatted table
References: CVE-2011-4161
Status: Published
========
TimeLine
========
Discovered: 27 January 2011
Released: 27 January 2011
Approved: 27 January 2011
Reported: 27 January 2011
Fixed: 19 July 2011
Published: 2 November 2011
# Exploit Title: FreeBSD local denial of service - forced reboot
# Date: 28. January 2011
# Author: Kingcope
# Software Link: http://www.freebsd.org
# Operating System: FreeBSD
# Tested on: 8.0-RELEASE
This source code when compiled and executed
will reboot at least FreeBSD 8.0-RELEASE because of a null pointer dereference.
nobody@mail:~$ pwd
/
nobody@mail:~$ cd /home ; ls -l
total 36
drwxr-xr-x 3 cade cade 4096 Mar 6 2011 cade
drwxr-xr-x 17 hfortier hfortier 4096 Jan 18 18:21 hfortier
drwxr-xr-x 3 dma dma 4096 Feb 9 2011 dma
drwxr-xr-x 3 jamie jamie 4096 Jan 18 23:12 jamie
drwxr-xr-x 4 msf msf 4096 Aug 25 2010 msf
drwxr-xr-x 4 tina tina 4096 Jun 6 2011 tina
nobody@mail:/home$ ls -l hfortier
45503 blocks of size 2097152. 24437 blocks available
smb: \> cd foobar
smb: \foobar\> ls
. D 0 Mon Feb 1 20:29:12 2010
.. D 0 Mon Feb 1 20:29:12 2010
initrd.img.old 7646184 Mon Jan 18 13:15:48 2010
boot.ini 18832 Mon Feb 1 20:29:12 2010
home D 0 Mon Jan 18 13:08:24 2010
initrd.img 8007195 Thu Jan 21 21:51:26 2010
.cache DH 0 Sat Jan 23 14:19:08 2010
opt D 0 Sat Jan 30 11:39:59 2010
| Vulnerability Disclosure Report |
| |
|------------------------------------------------------------------|
Advisory : CORELAN-10-004
Disclosure date : Jan 12, 2010
Corelan Reference :
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-004-turboftp-server-1-00-712-dos/
0x00 : Vulnerability information
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-2712
Jan Minar discovered that vim did not properly sanitise inputs
before invoking the execute or system functions inside vim
scripts. This could lead to the execution of arbitrary code.
CVE-2008-3074
can see Joxean's app is meant to group files of the same 'type,' not
provide 'diff' capabilities.
-Travis
On Tue, Jan 5, 2010 at 9:51 AM, Dan Kaminsky <dan@doxpara.com> wrote:
> I looked into a fair amount of this sort of normalization back when I was
> playing with dotplots. The idea was to upgrade from simple Levenshtein
> string comparison (with no knowledge of variable length x86 instructions,
> pointers that shift from compile to compile, etc) to something with at least
> some domain specific knowledge. What I found, somewhat surprisingly, was
a possibility.
Time line
=========
Jan 5 2011: While finishing Postfix for its annual release, I found
and fixed this flaw in the SMTP server and client implementations,
where it had been sitting ever since TLS support was adopted.
Jan 6-10 2011: As we investigated the scope of the problem, Victor
Duchovni (co-developer) discovered that other implementations were
Nope, I don't think it has to do with user agent. I have tried with
IE, Firefox but nothing. Though when you change IP it shows the stuff, so I
think it's IP based?
On Jan 15, 2008 10:52 PM, Gadi Evron <ge@linuxbox.org> wrote:
> On Tue, 15 Jan 2008, crazy frog crazy frog wrote:
> > Nick,
> > you're not getting my point, the URL is techicorner.com/{random string
> > here}, I have already mentioned it in previous posts.
> > I have read the link sent by Denis, and I would have to conclude that:
Name: Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.
Author: Adam Zabrocki (<pi3@itsec.pl> or <zabrocki@cern.ch>)
Date: Jan 27, 2010
Issue:
Mod_proxy from apache 1.3.xx (tested on latest version - 1.3.41) allows local and remote attackers
to overflow buffer on heap via integer overflow vulnerability.
Denis
On Tue, 15 Jan 2008 11:42:33 +0530
"crazy frog crazy frog" <i.m.crazy.frog@gmail.com> wrote:
---> Well,
---> I received many responses but no one is perfect. I checked the files and
---> didn't find anything embedded in my scripts or pages. Still I have to
> 'type,' not
> provide 'diff' capabilities.
>
> -Travis
>
> On Tue, Jan 5, 2010 at 9:51 AM, Dan Kaminsky <dan@doxpara.com>
> wrote:
> > I looked into a fair amount of this sort of
> normalization back when I was
> > playing with dotplots. The idea was to upgrade from
> simple Levenshtein
{
close(2); //close 2 before call tt
execl("./tt","./tt",0);
}
-bash-3.00$ ls -l k
-rwsr-xr-x 1 root staff 58287 Jan 1 09:55 k
-bash-3.00$ ls -l tt
-rwxrwxrwx 1 cloud staff 59457 Jan 1 10:24 tt
-bash-3.00$ ls -l bb
bb not found
-bash-3.00$ ./k
or use your webbrowser :)
History:
======
* Date of Discovery: 07. Dec. 2007
* Mail to vendor: 16. Jan. 2008; security@bitdefender.com
* Response from Vendor: 18. Jan. 2008; Requesting me to open an account to get access to BitDefender's Support :)
* Advisory Release: 19. Jan. 2008
On Sat, Jun 14, 2008 at 2:09 PM, Bram Moolenaar <Bram@moolenaar.net> wrote:
>
> Jan Minar wrote:
>
>> 1. Summary
>>
>> Product : Vim -- Vi IMproved
>> Version : Tested with 7.1.314 and 6.4
>> Impact : Arbitrary code execution
>> Wherefrom: Local and remote
Robert McArdle
--
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings
On Jan 13, 2008 5:33 PM, crazy frog crazy frog <i.m.crazy.frog@gmail.com> wrote:
> more, it's not a JavaScript, looks like an HTML page [notice the <html>
> and <body> tag in the file]. There is also a random function, which
> generates the random string which is used to store the files on C drive
> and maybe for the random URL. It's trying to play mp3 and other
> files. All looks like messed up. Maybe there is another script which is
On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey
<coley@linus.mitre.org> wrote:
>
> On Fri, 25 Jul 2008, Jan Minář wrote:
>
>> > The commands do not have to be written there between (1) and (2), they
>> > can be in the file long before the ./configure was started -- just
>> > because the script does care whether it can write to the file at all.
>> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does
>> > not involve a race condition if the attacker would choose to create a
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
March 2010 Public Disclosure
=====================
VI. CREDIT
Test and analysis for "PHP 5.2.8-pl1-gentoo"
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
$ php -v
PHP 5.2.8-pl1-gentoo (cli) (built: Jan 21 2009 15:57:44)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
DOESN'T WORK
$ strace php -r 'include("/etc/passwd/");'
local user can cause a denial of service (kernel oops) by causing
a dentry value to go negative.
CVE-2009-2909
Arjan van de Ven discovered an issue in the AX.25 protocol
implementation. A specially crafted call to setsockopt() can
result in a denial of service (kernel oops).
CVE-2009-2910
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
March 2010 Public Disclosure
=====================
VI. CREDIT
Apache mod_negotiation Xss and Http Response Splitting
Date: January 22nd, 2008
Tested Versions: Apache <=1.3.39
<= 2.0.61
<= 2.2.6
Minded Security ReferenceID:
MSA01150108
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure)
Feb 2010 Public Disclosure
=====================
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
Feb 2010 Public Disclosure
=====================
VI. CREDIT
Connection: close
Referer: http://127.0.0.1/cgi-bin/scrut_fa_exclusions.cgi
#Response 1
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2012 23:51:46 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 230
Exposures project identifies the following problems:
CVE-2009-0583
Jan Lieskovsky discovered multiple integer overflows in the ICC library,
which allow the execution of arbitrary code via crafted ICC profiles in
PostScript files with embedded images.
CVE-2009-0584
trigger a denial of service (DoS) by causing the kernel to execute an
infinite loop.
CVE-2008-1615
Jan Kratochvil reported a local denial of service condition that
permits local users on systems running the amd64 flavor kernel
to cause a system crash.
CVE-2008-2136
Arian Evans
capitalist marksman. eats animals.
On Thu, Jan 28, 2010 at 2:03 PM, James Landis <jcl24@cornell.edu> wrote:
> Tim,
> Great writeup of the state of the union for Web-based authentication methods.
>
> As you mention, your paper is primarily an argument for fixing HTTP
> auth. That might make a better title for it, in fact, since that does
9. *Report Timeline*
. 2009-09-22:
Core Security Technologies contacts Jan Bartel and Greg Wilkins from
Webtide, notifying them of the existence of a XSS vulnerability in a
sample application. Core sends its PGP key and asks Jan for his, would
he like to keep future communications encrypted.
. 2009-09-23: