what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

Files from Timo Warns

First Active2011-03-17
Last Active2012-11-23
FreeBSD Security Advisory - EAP-TLS Message Insufficient Validation
Posted Nov 23, 2012
Authored by Timo Warns, Jouni Malinen | Site security.freebsd.org

FreeBSD Security Advisory - The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-4445
MD5 | ee78773746000638162c5942e19522fd
Hostapd Missing EAP-TLS Message Length Validation
Posted Oct 8, 2012
Authored by Timo Warns | Site pre-cert.de

Hostapd versions 0.6 through 1.0 fail to validation EAP-TLS message length allowing for a possible denial of service condition.

tags | advisory, denial of service
advisories | CVE-2012-4445
MD5 | b80c51b831408369ebe42fc2c62904bc
FreeRADIUS 2.1.12 Remote Code Execution
Posted Sep 10, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - A stack overflow vulnerability has been identified in FreeRADIUS that allows to remotely execute arbitrary code via specially crafted client certificates (before authentication). The vulnerability affects setups using TLS-based EAP methods (including EAP-TLS, EAP-TTLS, and PEAP).

tags | advisory, overflow, arbitrary
advisories | CVE-2012-3547
MD5 | fb0a9c0a3a011f11ef69b4e23be84eea
Apache OpenOffice 3.4.0 Logic Errors
Posted Aug 29, 2012
Authored by Timo Warns | Site openoffice.org

When OpenOffice reads an ODF document, it first loads and processes an XML stream within the file called the manifest. Apache OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest to cause reads and writes beyond allocated buffers.

tags | advisory
advisories | CVE-2012-2665
MD5 | 4a1eecc2fd43210f99fc9fdafd3fd83f
LibreOffice / OpenOffice Code Execution
Posted Aug 10, 2012
Authored by Timo Warns | Site pre-cert.de

LibreOffice versions prior to 3.5.5 and Apache OpenOffice versions 3.4.0 and below suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2012-2665
MD5 | c6aa2fe07674cc81309e02117c4c0ffd
Linux Kernel HFS Plus Buffer Overflow
Posted May 16, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).

tags | advisory, overflow, kernel, code execution
systems | linux
advisories | CVE-2012-2319
MD5 | 10a12ca5bb97ae18574eab4dbc7d9654
libzip 0.10 Heap Overflow / Information Leak
Posted Mar 28, 2012
Authored by Timo Warns, Thomas Klausner | Site pre-cert.de

libzip versions 0.10 and below suffers from heap overflow and information leak vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2012-1162, CVE-2012-1163
MD5 | 57c548e1fcc2b9b7bad921642b8dc800
java.util.zip Denial Of Service
Posted Feb 17, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The function countCENHeaders() in zip_util.c of the java.util.zip implementation contains an off-by-one bug. The bug can be exploited via corrupted ZIP files to cause an endless recursion. The endless recursion results in a segmentation fault of the JVM. Oracle Java SE and IcedTea6 have multiple affected versions.

tags | advisory, java
advisories | CVE-2012-0501
MD5 | bf631eca170f6397a8d4cf50a929e429
Linux Kernel Be File System Denial Of Service
Posted Aug 20, 2011
Authored by Timo Warns | Site pre-cert.de

The Linux kernel contains a vulnerability in the driver for Be file systems that may lead to a kernel oops via a corrupted Be file system. Kernel versions 2.4, 2.6, and 3.0 are affected.

tags | advisory, kernel
systems | linux
advisories | CVE-2011-2928
MD5 | 45b3af9c97ce47144f6c3d0fa1fb2406
tftp-hpa Daemon Buffer Overflow
Posted Jun 24, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option. As the daemon accepts the option from clients, the vulnerability can be remotely exploited. Versions 0.30 through 5.0 are affected.

tags | advisory, overflow
advisories | CVE-2011-2199
MD5 | 68c78a48a7360d133b2c4dca46a39bad
Linux 2.4 / 2.6 Information Disclosure / Denial Of Service
Posted May 12, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to an information disclosure or a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to leak data from the kernel heap to userspace or that may allow to cause a kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel, info disclosure
systems | linux
advisories | CVE-2011-1776
MD5 | 9ce1e30c5a025279b01bb2e8eebb0b57
Linux Kernel 2.4 / 2.6 Denial Of Service
Posted Apr 14, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to cause kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel
systems | linux
advisories | CVE-2011-1577
MD5 | 97318e70e9704a77283d0dbb20f30c96
Linux 2.4 / 2.6 Information Disclosure
Posted Mar 17, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to information leakage due to corrupted partition tables. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating OSF partition tables contains a buffer overflow bug that allows to leak data from the kernel heap to userspace.

tags | advisory, overflow, kernel
systems | linux
advisories | CVE-2011-1163
MD5 | 6f030ff4c1d10ce5590ee339bdbca2de
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close