what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files from Joshua J. Drake

First Active2007-02-24
Last Active2010-04-17
iDEFENSE Security Advisory 2010-04-15.2
Posted Apr 17, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a "0" size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1319
MD5 | 171062c1d586bf37cfbf908421fcf141
iDEFENSE Security Advisory 2010-03-04.1
Posted Mar 5, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-3032
MD5 | 02061082038dac3eab8518904cc3a6a6
iDEFENSE Security Advisory 2009-08-25.1
Posted Aug 25, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of strings in the table. This value is used in a calculation that controls the number of bytes to allocate for a dynamic heap buffer. The value is not properly sanitized, which leads to an integer overflow in the calculation. This results in a heap based buffer overflow vulnerability.

tags | advisory, remote, overflow, arbitrary
MD5 | dbdb90ef3b324101021c04329f6a8e9e
iDEFENSE Security Advisory 2009-06-09.1
Posted Jun 11, 2009
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained inside of the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap based buffer overflow when the array is filled with pointers to strings from the file.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-0561
MD5 | e37fd1b16f08252d9bb8460f80138468
iDEFENSE Security Advisory 2009-06-11.1
Posted Jun 11, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.11.09 - Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of the IETF Request For Comments (rfc) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.

tags | advisory, remote
systems | windows, 2k
advisories | CVE-2009-1138
MD5 | 037d09bcff56732afc2ce408b4f638d1
iDEFENSE Security Advisory 2009-05-14.5
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allow attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2009-1009
MD5 | 7404edb2a93993d499b176cc5254c4ab
iDEFENSE Security Advisory 2009-05-14.4
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2009-1009
MD5 | 0434d4650043444db116551d83cd9288
iDEFENSE Security Advisory 2009-05-14.3
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of an integer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists when handling specific records within a specially crafted Microsoft Excel spreadsheet file. Within the vulnerable function, an integer value is read from the file. This value is later used in an arithmetic integer calculation. Since no validation is performed, an integer overflow can occur. This results in the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-1010
MD5 | 0c74f5b06565ed8fcba02ecb09ae882f
iDEFENSE Security Advisory 2009-05-14.2
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of multiple integer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. These vulnerabilities exist in the handling of an optional data stream stored within various files. Both issues are integer overflows, and are within the same function. Within the vulnerable function, an integer value is read from the Microsoft Office file. This value is later used in several arithmetic integer calculations. Since no validation is performed, integer overflows can occur. The result is the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2009-1011
MD5 | 12efe72201b82244d7c4803ab328d482
iDEFENSE Security Advisory 2008-10-29.2
Posted Oct 31, 2008
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-4008
MD5 | 6ff30a0d941f386bea95271534a16c5e
iDEFENSE Security Advisory 2008-06-03.5
Posted Jun 5, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.03.08 - Remote exploitation of multiple command injection vulnerabilities in Sun Microsystem's Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. These vulnerabilities exist within several ASP applications that execute shell commands. The problem lies in the fact that these applications do not filter or escape the parameters passed to these commands. By inserting shell meta-characters into an HTTP request, an attacker is able to execute arbitrary shell commands. iDefense has confirmed the existence of these vulnerabilities within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.

tags | advisory, java, remote, web, arbitrary, shell, root, vulnerability, asp
advisories | CVE-2008-2405
MD5 | 19beb26a54b11c3b19321dec1eb1418c
iDEFENSE Security Advisory 2008-04-09.4
Posted Apr 16, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.09.08 - Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.

tags | advisory, arbitrary, local, root
systems | linux
advisories | CVE-2007-5664
MD5 | 12426a5c9832c9d2997923db61030702
iDEFENSE Security Advisory 2008-03-10.2
Posted Mar 13, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 03.10.08 - Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.

tags | advisory, local, root
systems | linux, windows, unix, solaris
advisories | CVE-2008-0306
MD5 | c5facadf7226394a03672061b153254b
iDEFENSE Security Advisory 2007-10-30.7
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4623
MD5 | a185a185af8ec2c2ce27a46a467d032d
iDEFENSE Security Advisory 2007-10-30.6
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4217
MD5 | 3e29520806c28983f3fe4b7bdecdcd7d
iDEFENSE Security Advisory 2007-08-16.3
Posted Aug 17, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.16.07 - Local exploitation of multiple file creation vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. By setting certain combinations of environment variables, an attacker is able to create or append to arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.

tags | advisory, arbitrary, local, vulnerability
systems | linux, unix
advisories | CVE-2007-4272
MD5 | fa67305bc50f5d281ebe6e85e267c4ce
iDEFENSE Security Advisory 2007-08-16.1
Posted Aug 17, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.16.07 - Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. In each case, a race condition exists between a check to see if an existing file is a symbolic link and modifying it. By quickly and repeatedly removing and recreating the file as a symbolic link, an attacker could modify arbitrary files with root privileges. iDefense confirmed the existence of these vulnerabilities in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, unix
advisories | CVE-2007-4270
MD5 | 515807fc57dc8ba1f64372577e80ee74
iDEFENSE Security Advisory 2007-02-22.3
Posted Feb 24, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 02.22.07 - Local exploitation of a multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allow attackers to cause a denial of service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions, including those installed on other architectures, are suspected to be vulnerable as well. These vulnerabilities do not appear to affect DB2 Universal Database running on the windows platform.

tags | advisory, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, windows
MD5 | 3c9750c1e4a747af81e04379de4095d8
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close