accept no compromises
Showing 1 - 22 of 22 RSS Feed

Files from Jonathan Brossard

First Active2008-08-26
Last Active2011-09-02
Post Memory Corruption Memory Analyzer 1.00
Posted Sep 2, 2011
Authored by Andrew Griffiths, Matthieu Suiche, Tim Shelton, Jonathan Brossard, Nicolas Massaviol | Site pmcma.org

Pmcma aims at automating exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).

tags | tool, overflow
systems | unix
MD5 | e17401ff721f45e2819d0ed4c5ed9731
Perl Null Pointer Dereference
Posted May 9, 2011
Authored by Jonathan Brossard

When given a wrong number of arguments, a number of perl functions will attempt to read memory from an unmapped location, resulting in a deterministic crash.

tags | advisory, perl
advisories | CVE-2011-0761
MD5 | 90a557b0c4869f35779003db8fedaed0
Opera SELECT SIZE Arbitrary Null Write
Posted May 9, 2011
Authored by Jonathan Brossard

Opera up to and including version 10.60 is vulnerable to an arbitrary memory write of 0x00000000, 4 byte aligned, when processing an html page featuring a SELECT tag with a very large SIZE parameter.

tags | advisory, arbitrary
advisories | CVE-2011-1824
MD5 | cf523544c7b3477c18228bec543636bb
XPDF T1lib Integer Overflows / Heap Corruption
Posted Mar 27, 2011
Authored by Jonathan Brossard

The Linux version of xpdf is linked against t1lib, which is vulnerable to multiple vulnerabilities including off by ones, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted pdf file.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux
advisories | CVE-2011-0764
MD5 | 0b0fe1dd18bae3b70742a46284bf313e
Ghostscript Library Off-By-One, Integer Overflow, Heap Corruption
Posted Nov 26, 2010
Authored by Jonathan Brossard

An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, x86
systems | linux, windows
advisories | CVE-2009-3743
MD5 | cf91d1ecedb5e4cb58b00796472aa24c
Adobe Acrobat Reader Memory Corruption
Posted Mar 25, 2009
Authored by Jonathan Brossard | Site ivizsecurity.com

Adobe Acrobat Reader suffers from a memory corruption vulnerability. Versions 9.0.0 and 8.1.3 are affected.

tags | advisory
MD5 | f904cd3fa41f726a1835f12221a87c0d
iViZ Security Advisory 08-016
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

It is possible to protect an ELF binary against f-prot by corrupting its ELF header, while letting the binary completely functional. F-prot will crash when analyzing the file, letting the possible malware undetected. f-prot version 4.6.8 for GNU/Linux is affected.

tags | advisory
systems | linux
MD5 | 784ec034097cd2a378d0ac99587e8f24
iViZ Security Advisory 08-015
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.

tags | advisory
systems | linux
MD5 | 38e2007ac4098ad444940502fa07d90b
iViZ Security Advisory 08-014
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.

tags | advisory
systems | linux
MD5 | 567323a87a689aff43c464049365374c
iViZ Security Advisory 08-013
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.

tags | advisory, overflow
systems | linux
MD5 | fd8b11cc90d0183b9cb9b7f59c96f0fb
iViZ Security Advisory 08-012
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.

tags | advisory, overflow
systems | linux
MD5 | cb458d0cea1c0dab406e443d79b5c17a
iViZ Security Advisory 08-011
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Clamav uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files. Versions 0.93.3 and below are affected.

tags | advisory
MD5 | 5e380141b9b8aca38d9b56fe22d493a0
IVIZ-08-010.txt
Posted Sep 18, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users. Affected is McAfee Safeboot Device Encryption version 4, Build 4750 and below.

tags | advisory, local
MD5 | c271a054effb9c687ea198b451d4641c
IVIZ-08-009.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of Grub fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

tags | advisory
MD5 | 19fafe4333b13d89b153a4c1a3b7a16c
IVIZ-08-008.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of LILO fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

tags | advisory
MD5 | b6128bc94dc690994313103896500060
IVIZ-08-007.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of DriveCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

tags | advisory
MD5 | f5e88134d2c118dc27e0b5de40760281
IVIZ-08-006.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of DiskCryptor fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

tags | advisory
MD5 | 28d14d2910f59a1abffea61e693b4bc3
IVIZ-08-005.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of the IBM Lenovo BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.

tags | advisory, local
MD5 | 9372ec1711b09a008c09f97aaad48fc9
IVIZ-08-004.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of Intel BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.

tags | advisory, local
MD5 | fb13f9752e6c436b4d7a1e7c99a21fa2
IVIZ-08-003.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of TrueCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

tags | advisory
MD5 | 986464ca4ad63ebdd6c33978f68b69c6
IVIZ-08-002.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of Hewlett-Packard 68DTT version F.0D (11/22/2005) fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.

tags | advisory, local
MD5 | 7ed6e522d2b2d1576d1001319e9ae443
IVIZ-08-001.txt
Posted Aug 26, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

The password checking routine of Microsoft Bitlocker fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.

tags | advisory, local
MD5 | 08bf0022caed32290893bce4e558fee6
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close