
Files

Samsung Devices KNOX Extensions OTP TrustZone Trustlet Stack Buffer Overflow
Posted Dec 14, 2016
Authored by Google Security Research

As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e), which can be communicated with using the "OTP" service, published by "otp_server". Many of the internal commands supported by the trustlet must either unwrap or wrap a token. They do so by calling the functions "otp_unwrap" and "otp_wrap", correspondingly. Both functions copy the internal token data to a local stack-based buffer before attempting to wrap or unwrap it. However, this copy operation is performed using a length field supplied in the user's buffer (the length field's offset changes according to the calling code-path), which is not validated at all. This means an attacker can supply a length field larger than the stack-based buffer, causing the user-controlled token data to overflow the stack buffer. There is no stack cookie mitigation in MobiCore trustlets. On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, including from the SELinux context "untrusted_app". Successfully exploiting this vulnerability should allow a user to elevate privileges to the TrustZone TEE.

tags | exploit, overflow, local
MD5 | 7ca93e4b9e68b1ccea14faa98806c21a

Related Files

Samsung OTP TrustZone Buffer Overflow
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.

tags | exploit, overflow
MD5 | 5630aec452992f4eccfb870ec3a4cbc7

Samsung OTP Service Heap Overflow
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.

tags | exploit, overflow
MD5 | 078ec7131a5d786edf86447fbce0664f

Adobe Flash Stage.align Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in the Adobe Flash Stage.align property setter. When the setter is called, the parameter is converted to a string early, as a part of the new use-after-free prevention changes. This conversion can invoke script, which if the this object is a MovieClip, can delete the object, deleting the thread the call is made from, which can lead to a use-after-free.

tags | exploit
advisories | CVE-2016-4226
MD5 | fc8d83928f444c78ec6b24e2c1a2be3d

SoftHSM 2.0.0a1
Posted Feb 12, 2014
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: This is the first alpha version for SoftHSMv2. All required features for this version have been implemented, and the authors would like to get feedback from the community.
tags | library
systems | unix
MD5 | f1479de3c5652bf3e13b994e6d437951

Red Hat Security Advisory 2013-1540-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1540-02 - Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-4166
MD5 | b413381d165bf565fbe1231558293b89

SoftHSM 1.3.5
Posted Oct 4, 2013
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: Improved handling of a busy database. Adds -Wall -Werror flags and fixes the warnings. Fixes more warnings on EPEL.
tags | library
systems | unix
MD5 | c07acb7ac7fceef6a56f2db082685283

SoftHSM 1.3.4
Posted Nov 27, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: Supports an RSASSA-PSS signature scheme. The default location of the token database is now $localstatedir/lib/softhsm/.
tags | library
systems | unix
MD5 | e28ef8312654326a84aac4630e93dd88

SoftHSM 1.3.3
Posted May 15, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: This release increases performance by adding more indexes to the database, describes the usage of SO and the user PIN in the README, and detects whether a C++ compiler is missing.
tags | library
systems | unix
MD5 | 417898d682bb8e2312aa3126f965a043

SoftHSM 1.3.1
Posted Jan 18, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: The library is now installed in $libdir/softhsm/. This release does not give a warning about the schema version if the token has not been initialized yet. The tools now return the correct exit code.
tags | library
systems | unix
MD5 | 1eadb2821accffde2e9404807d4ae3dd

rhsa.2000-052-02.zope
Posted Aug 13, 2000
Site redhat.com

Red Hat Security Advisory - Vulnerabilities exist with all Zope-2.0 releases - This HotFix corrects issues in the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing.

tags | vulnerability
systems | linux, redhat
MD5 | 3cb405179f1c3efdf06a418225b24442
© 2016 Packet Storm. All rights reserved.