Twenty Year Anniversary
Showing 1 - 13 of 13 RSS Feed

Files from Timo Warns

First Active2011-03-17
Last Active2012-11-23
FreeBSD Security Advisory - EAP-TLS Message Insufficient Validation
Posted Nov 23, 2012
Authored by Timo Warns, Jouni Malinen | Site security.freebsd.org

FreeBSD Security Advisory - The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-4445
MD5 | ee78773746000638162c5942e19522fd
Hostapd Missing EAP-TLS Message Length Validation
Posted Oct 8, 2012
Authored by Timo Warns | Site pre-cert.de

Hostapd versions 0.6 through 1.0 fail to validation EAP-TLS message length allowing for a possible denial of service condition.

tags | advisory, denial of service
advisories | CVE-2012-4445
MD5 | b80c51b831408369ebe42fc2c62904bc
FreeRADIUS 2.1.12 Remote Code Execution
Posted Sep 10, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - A stack overflow vulnerability has been identified in FreeRADIUS that allows to remotely execute arbitrary code via specially crafted client certificates (before authentication). The vulnerability affects setups using TLS-based EAP methods (including EAP-TLS, EAP-TTLS, and PEAP).

tags | advisory, overflow, arbitrary
advisories | CVE-2012-3547
MD5 | fb0a9c0a3a011f11ef69b4e23be84eea
Apache OpenOffice 3.4.0 Logic Errors
Posted Aug 29, 2012
Authored by Timo Warns | Site openoffice.org

When OpenOffice reads an ODF document, it first loads and processes an XML stream within the file called the manifest. Apache OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest to cause reads and writes beyond allocated buffers.

tags | advisory
advisories | CVE-2012-2665
MD5 | 4a1eecc2fd43210f99fc9fdafd3fd83f
LibreOffice / OpenOffice Code Execution
Posted Aug 10, 2012
Authored by Timo Warns | Site pre-cert.de

LibreOffice versions prior to 3.5.5 and Apache OpenOffice versions 3.4.0 and below suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2012-2665
MD5 | c6aa2fe07674cc81309e02117c4c0ffd
Linux Kernel HFS Plus Buffer Overflow
Posted May 16, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).

tags | advisory, overflow, kernel, code execution
systems | linux
advisories | CVE-2012-2319
MD5 | 10a12ca5bb97ae18574eab4dbc7d9654
libzip 0.10 Heap Overflow / Information Leak
Posted Mar 28, 2012
Authored by Timo Warns, Thomas Klausner | Site pre-cert.de

libzip versions 0.10 and below suffers from heap overflow and information leak vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2012-1162, CVE-2012-1163
MD5 | 57c548e1fcc2b9b7bad921642b8dc800
java.util.zip Denial Of Service
Posted Feb 17, 2012
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The function countCENHeaders() in zip_util.c of the java.util.zip implementation contains an off-by-one bug. The bug can be exploited via corrupted ZIP files to cause an endless recursion. The endless recursion results in a segmentation fault of the JVM. Oracle Java SE and IcedTea6 have multiple affected versions.

tags | advisory, java
advisories | CVE-2012-0501
MD5 | bf631eca170f6397a8d4cf50a929e429
Linux Kernel Be File System Denial Of Service
Posted Aug 20, 2011
Authored by Timo Warns | Site pre-cert.de

The Linux kernel contains a vulnerability in the driver for Be file systems that may lead to a kernel oops via a corrupted Be file system. Kernel versions 2.4, 2.6, and 3.0 are affected.

tags | advisory, kernel
systems | linux
advisories | CVE-2011-2928
MD5 | 45b3af9c97ce47144f6c3d0fa1fb2406
tftp-hpa Daemon Buffer Overflow
Posted Jun 24, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option. As the daemon accepts the option from clients, the vulnerability can be remotely exploited. Versions 0.30 through 5.0 are affected.

tags | advisory, overflow
advisories | CVE-2011-2199
MD5 | 68c78a48a7360d133b2c4dca46a39bad
Linux 2.4 / 2.6 Information Disclosure / Denial Of Service
Posted May 12, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to an information disclosure or a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to leak data from the kernel heap to userspace or that may allow to cause a kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel, info disclosure
systems | linux
advisories | CVE-2011-1776
MD5 | 9ce1e30c5a025279b01bb2e8eebb0b57
Linux Kernel 2.4 / 2.6 Denial Of Service
Posted Apr 14, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to cause kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel
systems | linux
advisories | CVE-2011-1577
MD5 | 97318e70e9704a77283d0dbb20f30c96
Linux 2.4 / 2.6 Information Disclosure
Posted Mar 17, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to information leakage due to corrupted partition tables. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating OSF partition tables contains a buffer overflow bug that allows to leak data from the kernel heap to userspace.

tags | advisory, overflow, kernel
systems | linux
advisories | CVE-2011-1163
MD5 | 6f030ff4c1d10ce5590ee339bdbca2de
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close