search for: adversari

On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the

Hi Guus, I've attached something like a commit message (I think). Sorry, but I am not familiar with git and currently familiarizing with it. In the meantime, I fixed some code and introduced a compatibility wrapper to allow porting tinc to "Fritz!Box" (using Freetz http://trac.freetz.org/). The file is called ifaddr-compat.h/c and wraps the function "getifaddrs". I'm

Hello, Does anyone have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT

hello, i need to setup a mail server with postfix + dovecot + webmin + virtualmin + virtual user with linux system user. the virtual user may reach to thousands user from several hundreds virtual domains. what i concern is large numbers of linux system user which used in these setup, is it good or bad? maybe somebody would share their experience about this setup ? any links would be good.

On 02/20/2019 07:51 AM, Mark D. Baushke wrote: > There are too just many cases where both OpenSSH interoperating with > itself as well as other SSH implementations have needed this version > number to properly deal with bugs in the code via negitations. FWIW, and without dismissing the possibility of fingerprinting a server in other ways, the fact that clients that *can* pass

Bill, I have clarified this on SO, and I will copy that clarification in here: "Sure, we tested them on other 8-digit numbers as well & we could not replicate. However, these are honest-to-goodness numbers generated by a non-adversarial system that has no conception of these numbers being used for anything other than a unique key for an entity -- these are not a specially constructed edge case. Would be good to know what seeds will and will not work, and why." These numbers are generated by an application that serves a for...

Hello Warren, On Thu, 2017-02-09 at 14:22 -0700, Warren Young wrote: > There are two serious problems with this argument: > > 1. Give me a scenario where this attacker can execute *only* pkcheck > in order to exploit this hypothetical library?s flaw, but where the > attacker cannot simply provide their own binary to do the same > exploit. Short of something insane like

...t; >> Bill, >> >> I have clarified this on SO, and I will copy that clarification in here: >> >> "Sure, we tested them on other 8-digit numbers as well & we could not >> replicate. However, these are honest-to-goodness numbers generated by a >> non-adversarial system that has no conception of these numbers being used >> for anything other than a unique key for an entity -- these are not a >> specially constructed edge case. Would be good to know what seeds will and >> will not work, and why." >> >> These numbers are g...

...rely outdated in my opinion, and happy to be corrected, but I don't think it would be totally egregious to carry on with (whole numbered) vector shapes that aren't strictly legal, as long as you guarantee that *any* such pattern gets correctly legalised by the lowering. If you can make the adversarial cases performing on top of that, it's a bonus, not a target. Hope this helps. cheers, --renato

...at gmail.com> wrote: > > Bill, > > I have clarified this on SO, and I will copy that clarification in here: > > "Sure, we tested them on other 8-digit numbers as well & we could not > replicate. However, these are honest-to-goodness numbers generated by a > non-adversarial system that has no conception of these numbers being used > for anything other than a unique key for an entity -- these are not a > specially constructed edge case. Would be good to know what seeds will and > will not work, and why." > > These numbers are generated by an appli...

> On Nov 21, 2019, at 14:23, Robinson, Paul via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Some years ago there was a random-nop-insertion pass (for ROP gadget removal) proposed, which didn't stick; we recently had a summer intern work on it but did not get to proper quality; I'd like to revive that. Hi Paul, I'm curious about what the use case for this was. In

...ntime library recording the address of the most-recently allocated safe stack to cause safe stacks to be allocated in vulnerable locations. An alternative approach to avoid that limitation could be to store that variable above the bound checked by the instrumented code. This could help to prevent adversaries from forcing safe stacks to be allocated at vulnerable locations while still allowing the program to keep running even when its safe stacks protrude below the bound. Of course, the protruding portions of the safe stacks would be vulnerable. Another alternative could be to treat the MPX bounds r...

...t;> >>> I have clarified this on SO, and I will copy that clarification in here: >>> >>> "Sure, we tested them on other 8-digit numbers as well & we could not >>> replicate. However, these are honest-to-goodness numbers generated by a >>> non-adversarial system that has no conception of these numbers being used >>> for anything other than a unique key for an entity -- these are not a >>> specially constructed edge case. Would be good to know what seeds will and >>> will not work, and why." >>> >>>...

If I have a "simple" variable value, this works fine: capmon@peter:~> puppet -e ''$v="xyz" exec { f: command => "/bin/echo v is $v", logoutput => true }'' notice: /Stage[main]//Exec[f]/returns: v is xyz notice: /Stage[main]//Exec[f]/returns: executed successfully But how do I escape "bad" values of $v? Painful examples like the

https://bugzilla.mindrot.org/show_bug.cgi?id=2706 Bug ID: 2706 Summary: remote code execution via ProxyCommand+browser exploit Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: Mac OS X Status: NEW Severity: security Priority: P5 Component: ssh Assignee:

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

On Feb 9, 2017, at 2:03 PM, Leonard den Ottolander <leonard at den.ottolander.nl> wrote: > > On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: >> Escalation *requires* attacking a program in a security context other >> than your own. > > Not necessarily. Suppose the adversary is aware of a root > exploit/privilege escalation in a random library. There

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference: