what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files from Joshua J. Drake

First Active2007-02-24
Last Active2010-04-17
iDEFENSE Security Advisory 2010-04-15.2
Posted Apr 17, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a "0" size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1319
SHA-256 | 176f4add59ab7e2454b1c942cc75564e4ab4b26ebd3fe4762e5e77e44a63a6b2
iDEFENSE Security Advisory 2010-03-04.1
Posted Mar 5, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-3032
SHA-256 | 9a38749723b857cb3e896aba20e2a23b58f974d6729609fcebae71db896a4859
iDEFENSE Security Advisory 2009-08-25.1
Posted Aug 25, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of strings in the table. This value is used in a calculation that controls the number of bytes to allocate for a dynamic heap buffer. The value is not properly sanitized, which leads to an integer overflow in the calculation. This results in a heap based buffer overflow vulnerability.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 91a37e71adf284b1c3c01485dd1c4380ba48759365687481f5d2f29106412bf4
iDEFENSE Security Advisory 2009-06-09.1
Posted Jun 11, 2009
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained inside of the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap based buffer overflow when the array is filled with pointers to strings from the file.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-0561
SHA-256 | 10b25a2ead8344835636ecbd2f58b22d735b49d76b8351d055defe853529e1ff
iDEFENSE Security Advisory 2009-06-11.1
Posted Jun 11, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.11.09 - Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of the IETF Request For Comments (rfc) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.

tags | advisory, remote
systems | windows
advisories | CVE-2009-1138
SHA-256 | fe2fe4b965ee27267925f430684c17c2c3e67fa18af4c891cfe1f4cb5bfb694f
iDEFENSE Security Advisory 2009-05-14.5
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allow attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2009-1009
SHA-256 | 453d22e035785f3551f5dd9b4c765c0be2b84487078feb070cf8fca38359966c
iDEFENSE Security Advisory 2009-05-14.4
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2009-1009
SHA-256 | 8389434236ec275ba15686052b23800beb7d91e6ecc2328bb57b95587c050ba5
iDEFENSE Security Advisory 2009-05-14.3
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of an integer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists when handling specific records within a specially crafted Microsoft Excel spreadsheet file. Within the vulnerable function, an integer value is read from the file. This value is later used in an arithmetic integer calculation. Since no validation is performed, an integer overflow can occur. This results in the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-1010
SHA-256 | e7d3ca952a5b943eaf5807594202a97d1c4f5d9826e4cdcd0d1270d22526cdf2
iDEFENSE Security Advisory 2009-05-14.2
Posted May 16, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 05.14.09 - Remote exploitation of multiple integer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. These vulnerabilities exist in the handling of an optional data stream stored within various files. Both issues are integer overflows, and are within the same function. Within the vulnerable function, an integer value is read from the Microsoft Office file. This value is later used in several arithmetic integer calculations. Since no validation is performed, integer overflows can occur. The result is the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2009-1011
SHA-256 | d796703c546844346e61187c1f28d228851aa35f15ef643c392eb9215a2794b9
iDEFENSE Security Advisory 2008-10-29.2
Posted Oct 31, 2008
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-4008
SHA-256 | 92646871e75b29ac768127a34b35cd0ed021ef5d8cb5332e1bcb8be06a4c49f1
iDEFENSE Security Advisory 2008-06-03.5
Posted Jun 5, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.03.08 - Remote exploitation of multiple command injection vulnerabilities in Sun Microsystem's Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. These vulnerabilities exist within several ASP applications that execute shell commands. The problem lies in the fact that these applications do not filter or escape the parameters passed to these commands. By inserting shell meta-characters into an HTTP request, an attacker is able to execute arbitrary shell commands. iDefense has confirmed the existence of these vulnerabilities within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.

tags | advisory, java, remote, web, arbitrary, shell, root, vulnerability, asp
advisories | CVE-2008-2405
SHA-256 | bb385586ed5b085d8de367bb6c7da6fe1d3365325ddb8e023922c855c7c1387c
iDEFENSE Security Advisory 2008-04-09.4
Posted Apr 16, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.09.08 - Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.

tags | advisory, arbitrary, local, root
systems | linux
advisories | CVE-2007-5664
SHA-256 | dd5a634ae18370241c785ef50887abc8490a642fa48ef842bac9544bbb16e8e9
iDEFENSE Security Advisory 2008-03-10.2
Posted Mar 13, 2008
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 03.10.08 - Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.

tags | advisory, local, root
systems | linux, windows, unix, solaris
advisories | CVE-2008-0306
SHA-256 | e25791d8f91e8f1822104cfacb99ec2d95d9f65329ac297bf4a23704c69dcd0b
iDEFENSE Security Advisory 2007-10-30.7
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4623
SHA-256 | 1a95829422936a89bd9887255c30ff92f350d73e274073408ed62d53ae1c4d5f
iDEFENSE Security Advisory 2007-10-30.6
Posted Oct 31, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local, root
systems | aix
advisories | CVE-2007-4217
SHA-256 | 3dec465fdd656832a851c313df9dd10488b2e285927b610249519c54c3cf6f7e
iDEFENSE Security Advisory 2007-08-16.3
Posted Aug 17, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.16.07 - Local exploitation of multiple file creation vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. By setting certain combinations of environment variables, an attacker is able to create or append to arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.

tags | advisory, arbitrary, local, vulnerability
systems | linux, unix
advisories | CVE-2007-4272
SHA-256 | 68f5e988169e1a1f9703ab258eee67f2763fe92aeb1c8a4ac21ddfb06c5cd74e
iDEFENSE Security Advisory 2007-08-16.1
Posted Aug 17, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 08.16.07 - Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. In each case, a race condition exists between a check to see if an existing file is a symbolic link and modifying it. By quickly and repeatedly removing and recreating the file as a symbolic link, an attacker could modify arbitrary files with root privileges. iDefense confirmed the existence of these vulnerabilities in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, unix
advisories | CVE-2007-4270
SHA-256 | def2b551a679acaa494a7c32010e039efa2e488a7698767f83081bf79c986072
iDEFENSE Security Advisory 2007-02-22.3
Posted Feb 24, 2007
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 02.22.07 - Local exploitation of a multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allow attackers to cause a denial of service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions, including those installed on other architectures, are suspected to be vulnerable as well. These vulnerabilities do not appear to affect DB2 Universal Database running on the windows platform.

tags | advisory, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, windows
SHA-256 | 09df12ba44beb0cc8e4477c6f4fb75f9a7c970e77bb169d5f4a4df77e6f107d6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close