Joxean Koret
an e-mail as, in their words, the vulnerability "was fixed in future
releases of the product". Eeeeh... "was" and "in the future"? As it
makes no sense, I sent Oracle an e-mail asking for details about the
fix:
On 4/19/2012 12:53 PM, Joxean Koret wrote:
(...)
> How can customers with current versions installed fix this
> vulnerability? Do they have to wait until the next version? Just out
> of curiosity.
--- On Tue, 5/1/10, T Biehn <tbiehn@gmail.com> wrote:
> From: T Biehn <tbiehn@gmail.com>
> Subject: Re: [Full-disclosure] [Tool] DeepToad 1.1.0
> To: "Dan Kaminsky" <dan@doxpara.com>
> CC: "Joxean Koret" <joxeankoret@yahoo.es>, "Full Disclosure" <full-disclosure@lists.grok.org.uk>, bugtraq@securityfocus.com
> Date: Tuesday, January 5, 2010 15:56
> I can see what you're saying, it could be useful for finding
> differences in different versions of the same binary but from what I
I would largely assume that your algorithm, as is, works best on
uncompressed bitmaps. Is there something I'm missing?
-Travis
On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret <joxeankoret@yahoo.es> wrote:
> Hi all,
>
> I'm happy to announce the very first public release of the open source
> project DeepToad, a tool for computing fuzzy hashes from files.
>
>> I would largely assume that your algorithm, as is, works best on
>> uncompressed bitmaps. Is there something I'm missing?
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 6:37 AM, Joxean Koret <joxeankoret@yahoo.es> wrote:
>> > Hi all,
>> >
>> > I'm happy to announce the very first public release of the open source
>> > project DeepToad, a tool for computing fuzzy hashes from files.
>> >
regards
juan manuel pascual
On Sat, 19 Jul 2008, Joxean Koret wrote:
> Oracle Database Local Untrusted Library Path Vulnerability
> ----------------------------------------------------------
>
> The Oracle July 2008 Critical Patch Update fixes a vulnerability which
few well publicized cases where the same vulnerability had to be fixed
multiple times since Oracle only fixed the bug based on the exact exploit
details/code provided by the security researcher.
-----Original Message-----
From: Joxean Koret [mailto:joxeankoret@yahoo.es]
Sent: Saturday, January 10, 2009 12:27 PM
To: security curmudgeon
Cc: Team SHATTER; bugtraq@securityfocus.com; secalert_us@oracle.com
Subject: Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow
in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)
05/11/2007 Initial vendor response
07/15/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Joxean Koret.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
2008-04-07 - Vulnerability reported to vendor
2009-01-14 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Joxean Koret
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
fear) Flash as I do, you can download the slides from my website [3] in
ODP format.
[1] Online slides: http://bit.ly/c80WeS
[2] RootedCon conference: http://www.rootedcon.es/
[3] Slides: www.joxeankoret.com/odp/vulns_r12.odp.bz2
Regards,
Joxean Koret
References:
[1] http://ssdeep.sourceforge.net/
[2] http://www.gnu.org/licenses/lgpl.html
Regards && Happy new year!
Joxean Koret
[2] http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
[3] http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
Thanks,
Joxean Koret
On Sat, 2009-01-10 at 11:11 +0000, security curmudgeon wrote:
>
> Summary: Team SHATTER says this is a remote overflow that allows for
> the
01/22/2008 Initial vendor response
04/15/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Joxean Koret.
2007-01-29 - Vulnerability reported to vendor
2008-12-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Joxean Koret
2007-11-07 - Vulnerability reported to vendor
2009-04-14 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Joxean Koret
12/19/2007 Initial vendor response
07/15/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Joxean Koret.
2007-01-29 - Vulnerability reported to vendor
2008-12-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Joxean Koret
advisory.
Contact
-------
Joxean Koret - joxeankoret[at]yahoo[dot]es
References
----------
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
2007-07-13 - Vulnerability reported to vendor
2009-01-14 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Joxean Koret
using the information or demonstrations provided in any part of this
advisory.
Contact:
Joxean Koret - joxeankoret[at]yahoo[dot]es
2007.01.29 - Vulnerability reported to vendor
2007.10.25 - Digital Vaccine released to TippingPoint customers
2007.10.16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Joxean Koret.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Proof of concept and documentation
----------------------------------
You can download the developed proof of concept and the old documentation -written back in 2008- from the following links:
Documentation: http://www.joxeankoret.com/download/tnspoison.pdf
Proof of concept: http://www.joxeankoret.com/download/tnspoison.zip
References
----------
05/27/2008 Initial vendor response
10/09/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Joxean Koret.
02/05/2008 Initial vendor response
07/15/2008 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Joxean Koret.
You can download the presentation "Oracle Database Vault: The world is not
pink and I'm root" at:
http://inguma.sourceforge.net/docs/oracle_database_vault_en.pdf
Joxean Koret