
Files from Mu Security research team

First Active: 2006-05-17
Last Active: 2009-08-13

MU Security Advisory 2009-08.01
Posted Aug 13, 2009
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

The Mu Dynamics Research team has found several vulnerabilities stemming from unsafe use of the sscanf C standard library function. Asterisk versions 1.6.1 through 1.6.1.2 are affected.

tags | advisory, vulnerability
SHA-256 | 4b4ca564af6eb635dec77a8869f1db6582e448ddc90620d17fb84789c0b6f227
MU Security Advisory 2008-09.01
Posted Sep 20, 2008
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

An IKE_SA_INIT message with a Key Exchange payload containing a large number of NULL values can cause a crash of the IKEv2 charon daemon. The problem is that strongSwan dereferences a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). strongSwan versions 4.2.6 and below are affected.

tags | advisory
SHA-256 | a3597b49066b341935ee93779ea9ca112ab0a8104c7b1a8d4db0e4628d8bde6a
MU Security Advisory 2008-07.01
Posted Jul 15, 2008
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

The Mu Security Research team has found that repro SIP proxy/registrar version 1.3.2 suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
SHA-256 | 91a6d43a2baf5a2b2ed067a279c38f21a6b845cf53483affa1bdf220b1303342
MU Security Advisory 2008-03.01
Posted Mar 19, 2008
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

The Mu Security Research team has found two security issues in the SDP parser in Asterisk 1.4.18. One is an invalid write to an attacker-controllable, almost arbitrary memory location and the other is a stack buffer overflow with limited attacker-controllable values.

tags | advisory, overflow, arbitrary
advisories | CVE-2008-1289
SHA-256 | 22b9f55626db7117f3ba9d0b616eac257212d9c93020ffbcecfcfa095604f614
MU Security Advisory 2007-09.02
Posted Sep 19, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

There are multiple vulnerabilities where a maliciously-crafted packet can crash Dibbler version 0.6.0. These include packets with options with large lengths (memory allocation failure via integer overflow), invalid lengths (buffer overread), and malformed IA_NA options in a REBIND message (null pointer dereference).

tags | advisory, overflow, vulnerability
SHA-256 | f2b090fcf8285f4556684e70a8d80dc062ceda4f629aff5c30aed4839cb633a6
MU Security Advisory 2007-09.01
Posted Sep 13, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

Quagga bgpd version 0.99.8 suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
SHA-256 | a643fe7b20e97d462b4461df79f25858f310676b357a7736c5fd8f8217bcdf15
MU Security Advisory 2007-08.01
Posted Aug 25, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

A remote heap overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of an RTSP command with multiple 'Require' headers. Versions prior to 11.1.4 are affected.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 99fbe1a74de2e483e58433d3eafc5f2697345d9fc0f9bf9de2e4664637001ed8
MU Security Advisory 2007-04.01
Posted Apr 24, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

An integer overflow vulnerability exists in the RPC runtime library (libinfo) that handles AUTH_UNIX authentication. By sending maliciously-crafted requests to any RPC service (portmap, mount, nfs, etc.), a remote attacker can trigger the overflow, which may lead to arbitrary code execution as the 'daemon' user. Mac OS X versions 10.3.9 and 10.4.9 are affected.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple, osx
SHA-256 | 97e5e87dca373f256dac237d93184a10f3eab15b0ae01172cebbd02bfd5db45b
MU Security Advisory 2007-03.01
Posted Mar 9, 2007
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

Asterisk crashes when handed an otherwise valid request message but with no URI and no SIP-version in the request-line of the message. Asterisk versions 1.2.15 and 1.4.0, along with prior versions, are affected.

tags | advisory
SHA-256 | 4df0189ab0730598e7eef2261fe6960b91fbe72020bb219fd37a290679ce1e96
MU Security Advisory 2006-08.01
Posted Aug 27, 2006
Authored by MU Dynamics, Mu Security research team | Site labs.musecurity.com

A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | dbdc141ab5d77885c8dca0d5658fe534d27d30e676035e308e313dba03713a10
LinuxSCTP2616.txt
Posted May 17, 2006
Authored by Mu Security research team | Site labs.musecurity.com

Multiple vulnerabilities exist in Linux SCTP 2.6.16 (lksctp) all resulting in kernel panics. The crafted packets must be sent to a listening endpoint in order to exploit these vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux
SHA-256 | 5e0aff6ee62b8c5cbca65ce839330a6b9fde0b8a7294f3986963b2e02876e08e