search for: adversaries

On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the

Hi Guus, I've attached something like a commit message (I think). Sorry, but I am not familiar with git and currently familiarizing with it. In the meantime, I fixed some code and introduced a compatibility wrapper to allow porting tinc to "Fritz!Box" (using Freetz http://trac.freetz.org/). The file is called ifaddr-compat.h/c and wraps the function "getifaddrs". I'm

Hello, Does anyone have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT

hello, i need to setup a mail server with postfix + dovecot + webmin + virtualmin + virtual user with linux system user. the virtual user may reach to thousands user from several hundreds virtual domains. what i concern is large numbers of linux system user which used in these setup, is it good or bad? maybe somebody would share their experience about this setup ? any links would be good.

On 02/20/2019 07:51 AM, Mark D. Baushke wrote: > There are too just many cases where both OpenSSH interoperating with > itself as well as other SSH implementations have needed this version > number to properly deal with bugs in the code via negitations. FWIW, and without dismissing the possibility of fingerprinting a server in other ways, the fact that clients that *can* pass

Bill, I have clarified this on SO, and I will copy that clarification in here: "Sure, we tested them on other 8-digit numbers as well & we could not replicate. However, these are honest-to-goodness numbers generated by a non-adversarial system that has no conception of these numbers being used for anything other than a unique key for an entity -- these are not a specially constructed

Hello Warren, On Thu, 2017-02-09 at 14:22 -0700, Warren Young wrote: > There are two serious problems with this argument: > > 1. Give me a scenario where this attacker can execute *only* pkcheck > in order to exploit this hypothetical library?s flaw, but where the > attacker cannot simply provide their own binary to do the same > exploit. Short of something insane like

Bill, Appreciate the point that both you and Serguei are making, but the sequence in question is not a selected or filtered set. These are values as observed in a sequence from a mechanism described below. The probabilities required to generate this exact sequence in the wild seem staggering to me. T On Fri, Nov 3, 2017 at 11:27 PM, William Dunlap <wdunlap at tibco.com> wrote: >

On Wed, 8 Apr 2020 at 04:23, Kai Wang <kai.wang at sifive.com> wrote: > If we apply the type system pointed out by Renato, is the vector type <vscale x 1 x i16> legal? If we decide that <vscale x 1 x i16> is a fundamentally impossible type, does it contrary to the philosophy of LLVM IR as reasonably target-independent IR? I do not get the point of your argument. Hi Kai,

Another other generator is subject to the same problem with the same probabilitiy. > Filter(function(s){set.seed(s, kind="Knuth-TAOCP-2002");runif(1,17,26)>25.99}, 1:10000) [1] 280 415 826 1372 2224 2544 3270 3594 3809 4116 4236 5018 5692 7043 7212 7364 7747 9256 9491 9568 9886 Bill Dunlap TIBCO Software wdunlap tibco.com On Fri, Nov 3, 2017 at 10:31 AM, Tirthankar

> On Nov 21, 2019, at 14:23, Robinson, Paul via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Some years ago there was a random-nop-insertion pass (for ROP gadget removal) proposed, which didn't stick; we recently had a summer intern work on it but did not get to proper quality; I'd like to revive that. Hi Paul, I'm curious about what the use case for this was. In

...ntime library recording the address of the most-recently allocated safe stack to cause safe stacks to be allocated in vulnerable locations. An alternative approach to avoid that limitation could be to store that variable above the bound checked by the instrumented code. This could help to prevent adversaries from forcing safe stacks to be allocated at vulnerable locations while still allowing the program to keep running even when its safe stacks protrude below the bound. Of course, the protruding portions of the safe stacks would be vulnerable. Another alternative could be to treat the MPX bounds reg...

Tirthankar, "random number generators" do not produce random numbers. Any given generator produces a fixed sequence of numbers that appear to meet various tests of randomness. By picking a seed you enter that sequence in a particular place and subsequent numbers in the sequence appear to be unrelated. There are no guarantees that if YOU pick a SET of seeds they won't produce

If I have a "simple" variable value, this works fine: capmon@peter:~> puppet -e ''$v="xyz" exec { f: command => "/bin/echo v is $v", logoutput => true }'' notice: /Stage[main]//Exec[f]/returns: v is xyz notice: /Stage[main]//Exec[f]/returns: executed successfully But how do I escape "bad" values of $v? Painful examples like the

https://bugzilla.mindrot.org/show_bug.cgi?id=2706 Bug ID: 2706 Summary: remote code execution via ProxyCommand+browser exploit Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: Mac OS X Status: NEW Severity: security Priority: P5 Component: ssh Assignee:

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

On Feb 9, 2017, at 2:03 PM, Leonard den Ottolander <leonard at den.ottolander.nl> wrote: > > On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: >> Escalation *requires* attacking a program in a security context other >> than your own. > > Not necessarily. Suppose the adversary is aware of a root > exploit/privilege escalation in a random library. There

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference: