Keyword - exploit
Wednesday, October 17 2007
The OpenSSL SSL_Get_Shared_Ciphers() case
By Greg on Wednesday, October 17 2007, 18:13 - IT security / Privacy
This bugtraq post needs further investigation. OK, it's not a fresh vulnerability (first publicly disclosed on 9/26/2006), but I wonder if it's actually exploitable. First thing to check: is it worth investigating?
Monday, October 8 2007
Exploit candidates: OpenSSL, libvorbis and QEmu
By Greg on Monday, October 8 2007, 13:13 - IT security / Privacy
Today, after a quick review of recent vulnerabilities, I decided to focus on OpenSSL, libvorbis and QEmu. OpenSSL SSL_Get_Shared_Ciphers() is an update of a year-old buffer overflow vulnerability that was fixed, but not fully :). It results in an off-by-one overflow. I didn't find any exploit for this vuln.
On the libvorbis side, DoS and memory corruption vulnerabilities were discovered. No exploit either. As for QEmu, the advisory says ''Multiple local vulnerabilities''.
I'll begin by working on the OpenSSL vuln. This is work-in-progress and I'll update the blog regularly.
I have also seen an interesting lighttpd fastcgi module vulnerability. Not enough time to do everything; I'll look at it later.
Thursday, April 12 2007
Exploiting with Javascript
By Greg on Thursday, April 12 2007, 20:00 - IT security / Privacy
These last days I've been reading some interesting docs about exploiting hosts with Javascript. As the common workstation is getting harder [1] to pwn with Vista protections (DEP + ASLR + SafeSEH + /GS + Character Filtering [2]), it seems like alternative easier ways for exploiting clients are more and more interesting. Even more so when a lot of applications and services are converging to the web with the Web 2.0 hype.
Notes
[1] See Client Side Exploits, a lot of Office bugs and Vista by Halvar Flake
[2] See Dailydave - Remotes and "remotes" by Dave Aitel
