Showing 1 - 25 of 66

Files from Andrea Barisani

Email address: andrea at inversepath.com
First Active: 2001-07-11
Last Active: 2017-01-12
Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration
Posted Jan 12, 2017
Authored by Andrea Barisani

The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite, which specifies the algorithms supported for IKE and Encapsulating Security Payload (ESP), with one cipher for each setting. The configuration was found not to be consistent with the ciphers that are eventually accepted by the IPSec responder of the SIMATIC CP 343-1 Advanced. In fact, regardless of the selected choice for the ESP cipher, it is always possible for the IPSec client to propose, and successfully use, DES, 3DES, AES128 and AES256. This defeats any attempt to enforce a stronger cipher, as the client can always decide to use a weaker one. Siemens SIMATIC CP 343-1 Advanced tested with fw V3.0.44 is affected.

tags | advisory
MD5 | 341767e9c8ce19c5df56ce607d808a9c
Siemens SIMATIC Cookie Settings / Cross Site Request Forgery
Posted Nov 22, 2016
Authored by Andrea Barisani

Multiple versions of Siemens SIMATIC suffer from a cross site request forgery vulnerability and poor cookie security settings.

tags | advisory, csrf
advisories | CVE-2016-8672
MD5 | c590ef7662fc1519d4471789c6f70ff1
VLC 2.2.1 Arbitrary Pointer Dereference
Posted Aug 23, 2015
Authored by Andrea Barisani, Open Source CERT, Loren Maggiore

VLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.

tags | advisory, arbitrary
advisories | CVE-2015-5949
MD5 | b675d1c081b164ab9ed97daca168dffd
FreeRADIUS Insufficient CRL Application
Posted Jun 23, 2015
Authored by Andrea Barisani, Open Source CERT

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.

tags | advisory
advisories | CVE-2015-4680
MD5 | cafe48b37985ba8edab19c239d413d59
MySQL SSL / TLS Downgrade
Posted Apr 29, 2015
Authored by Andrea Barisani, Open Source CERT, Adam Goodman

A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade. Versions 5.7.2 and below are affected.

tags | advisory
advisories | CVE-2015-3152
MD5 | a6136100e6e6ea5f0710410938e328f3
e2fsprogs Input Sanitization
Posted Feb 6, 2015
Authored by Andrea Barisani, Open Source CERT

The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesystems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap-based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. Versions prior to 1.42.12 are affected.

tags | advisory, overflow
advisories | CVE-2015-0247
MD5 | e869d40ab54c548d2ad978b7cd2d1ffb
JasPer 1.900.1 Off-By-One / Heap Overflow
Posted Jan 22, 2015
Authored by Andrea Barisani, Open Source CERT, pyddeh

The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap-based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to a stack overflow. Versions 1.900.1 and below are affected.

tags | advisory, overflow
advisories | CVE-2014-8157, CVE-2014-8158
MD5 | e3087007c53b9ae60d360e8c8ae013cb
UnZip 6.0 Heap Buffer Overflow
Posted Dec 22, 2014
Authored by Andrea Barisani, Open Source CERT

UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
MD5 | 66cf95c1412baffc97b43c0603b6fd01
SoX 14.4.1 Heap Buffer Overflow
Posted Dec 22, 2014
Authored by Andrea Barisani, Open Source CERT

SoX versions 14.4.1 and below suffer from multiple heap-based buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-8145
MD5 | ed1384b49a88c40f7d981123c9d8c485
JasPer 1.900.1 Double-Free / Heap Overflow
Posted Dec 19, 2014
Authored by Andrea Barisani, Open Source CERT

The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.

tags | advisory, overflow, vulnerability
MD5 | ae9af40b3ff98367b3b41c09d2eaca06
JasPer 1.900.1 Buffer Overflow
Posted Dec 4, 2014
Authored by Andrea Barisani, Open Source CERT

The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file can be used to trigger the overflows. Versions 1.900.1 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-9029
MD5 | e661c4bbb6e9abe2278116196e0c0c2d
Tenshi Log Monitoring Program 0.15
Posted Aug 4, 2014
Authored by Andrea Barisani | Site dev.inversepath.com

Tenshi is a log monitoring program, designed to watch one or more log files for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as a log line is assigned to them, or to send periodic reports.

Changes: Added mailhelo option. Various bugfixes. See Changelog for complete list of changes.
tags | tool, system logging
systems | unix
MD5 | 3eb858893e29f0f6e7fb9f58f653a5b1
LibYAML 0.1.5 Buffer Overflow
Posted Mar 28, 2014
Authored by Andrea Barisani, Open Source CERT

LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-2525
MD5 | ac045385785224679f4d12e08802ffed
Xalan-Java 2.7.0 Insufficient Secure Processing
Posted Mar 25, 2014
Authored by Andrea Barisani, Nicolas Gregoire, Open Source CERT

The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP), which supports a secure processing feature for the interpretive and XSLTC processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing feature suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.

tags | advisory, java
advisories | CVE-2014-0107
MD5 | d274ff5f63281d441f0f9514f291ddb7
MantisBT 1.1.0a4 / 1.2.15 SQL Injection
Posted Feb 9, 2014
Authored by Andrea Barisani, Open Source CERT

MantisBT versions greater than and equal to 1.1.0a4 and versions equal to and below 1.2.5 suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-1609, CVE-2014-1608
MD5 | 1d5bfa60d9a83d54f7a8e1362951ef74
Fully Arbitrary 802.3 Packet Injection: Maximizing The Ethernet Attack Surface
Posted Aug 2, 2013
Authored by Andrea Barisani, Daniele Bianco | Site inversepath.com

It is generally assumed that sending and sniffing arbitrary, Fast Ethernet packets can be performed with standard Network Interface Cards (NIC) and generally available packet injection software. However, full control of frame values such as the Frame Check Sequence (FCS) or Start-of-Frame delimiter (SFD) has historically required the use of dedicated and costly hardware. This presentation, given at Blackhat 2013, dissects Fast Ethernet layer 1 and 2 presenting novel attack techniques supported by an affordable hardware setup that, using customized firmware, allows fully arbitrary frame injection. Proof of concept code also included.

tags | paper, arbitrary, proof of concept
systems | linux
MD5 | 1dace7812895df9b7323841146cc1e00
MurmurHash Algorithm Collision Denial Of Service
Posted Nov 24, 2012
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures; the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK the hash function affected by the reported issue is not enabled by default; the default function is, however, reported vulnerable to oCERT-2011-003.

tags | advisory, java, ruby
advisories | CVE-2012-5370, CVE-2011-5371, CVE-2011-5372, CVE-2011-5373
MD5 | 173a950b56d5f7bd4eef0ced98b0cc28
Tenshi Log Monitoring Program 0.14
Posted Jun 3, 2012
Authored by Andrea Barisani | Site dev.inversepath.com

Tenshi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as a log line is assigned to them, or to send periodic reports.

Changes: Cleaned up tail invocation code. Fixed repeat handling. Gentoo init script update.
tags | tool, system logging
systems | unix
MD5 | 9951f2995c4e08539a60026774da183a
Open Source CERT Security Advisory 2011.003
Posted Dec 29, 2011
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures; the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

tags | advisory
advisories | CVE-2011-4461, CVE-2011-4838, CVE-2011-4885, CVE-2011-4462, CVE-2011-4815
MD5 | 22dd5e111e5c4f6aa908cc54c3e0e83a
Open Source CERT Security Advisory 2011.001
Posted Jul 16, 2011
Authored by Andrea Barisani, Open Source CERT, Wireghoul | Site justanotherhacker.com

Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.

tags | exploit, shell, local, vulnerability, xss, file inclusion
MD5 | d2e9d03bb363c9b30358d7e88edeeb59
Tenshi Log Monitoring Program 0.13
Posted Jul 14, 2011
Authored by Andrea Barisani | Site dev.inversepath.com

Tenshi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as a log line is assigned to them, or to send periodic reports.

Changes: Added threshold feature for discarding logs with count below specified value. Fixed broken queue flushing on exit. Various other improvements.
tags | system logging
systems | unix
MD5 | 86233a514b3a6fbc9a76493513119342
Open Source CERT Security Advisory 2010.4
Posted Sep 29, 2010
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The libavcodec library, an open source video encoding/decoding library that is part of the FFmpeg project, suffers from an arbitrary offset dereference vulnerability. The vulnerability affects the flic file format parser: insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability. Versions 0.6 and below are affected.

tags | advisory, arbitrary
advisories | CVE-2010-3429
MD5 | c04676de70ace56cf68c31687cda89b4
Tenshi Log Monitoring Program 0.12
Posted Sep 18, 2010
Authored by Andrea Barisani | Site dev.inversepath.com

Tenshi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as a log line is assigned to them, or to send periodic reports.

Changes: FIFO read bugfix and opensuse rpm spec, see Changelog.
tags | system logging
systems | unix
MD5 | 2b5b19c3b74b3fa7bb2a768b7a9c01ae
Open Source CERT Security Advisory 2010.3
Posted Sep 18, 2010
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Free Simple CMS versions 1.0 and below suffer from a remote file inclusion vulnerability.

tags | advisory, remote, file inclusion
MD5 | 1f65a4ef40d4652202b98d90a136a562
Open Source CERT Security Advisory 2009.19
Posted Dec 17, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Ganeti versions greater than and equal to 1.2.9, 2.0.5, and 2.1.0-rc2 suffer from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2009-4261
MD5 | ec1e5f6ccb9b1385a358b44d724ff709
Page 1 of 3

© 2016 Packet Storm. All rights reserved.