search for: adversary

On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the heap to his liking and thus call whatever function he likes, including the one that will cause...

...t; (using Freetz http://trac.freetz.org/). The file is called ifaddr-compat.h/c and wraps the function "getifaddrs". I'm going to answer your questions now: > Why the need for a response message? Because a simple "announce/broadcast" can't be authenticated, thus, an adversary could announce that he's a legitimate endpoint. Although this would not allow the adversary to decrypt packets, communication between nodes could be interrupted. By requesting the nodes to answer by encrypting the challenge, a safe authentication can be achieved. Since the challenge is random,...

...have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313 -------------- next part -------------- A non-text attachment was scrubbed... Name:...

hello, i need to setup a mail server with postfix + dovecot + webmin + virtualmin + virtual user with linux system user. the virtual user may reach to thousands user from several hundreds virtual domains. what i concern is large numbers of linux system user which used in these setup, is it good or bad? maybe somebody would share their experience about this setup ? any links would be good.

On 02/20/2019 07:51 AM, Mark D. Baushke wrote: > There are too just many cases where both OpenSSH interoperating with > itself as well as other SSH implementations have needed this version > number to properly deal with bugs in the code via negitations. FWIW, and without dismissing the possibility of fingerprinting a server in other ways, the fact that clients that *can* pass

Bill, I have clarified this on SO, and I will copy that clarification in here: "Sure, we tested them on other 8-digit numbers as well & we could not replicate. However, these are honest-to-goodness numbers generated by a non-adversarial system that has no conception of these numbers being used for anything other than a unique key for an entity -- these are not a specially constructed

...> exploit. Short of something insane like exposing pkcheck via CGI over > HTTP, I don?t see how a flaw in pkcheck gives you something here that > you don?t already have. On many systems local users cannot execute their own uploaded binaries (noexec mounts). This would also be true for an adversary entering a system with a remote "unprivileged" exploit. In that situation pcheck gives them a "crow bar" they did not have before. > A vulnerable library is a vulnerable library. Fix the library, don?t > invent reasons to fix all the other programs on the system because...

Bill, Appreciate the point that both you and Serguei are making, but the sequence in question is not a selected or filtered set. These are values as observed in a sequence from a mechanism described below. The probabilities required to generate this exact sequence in the wild seem staggering to me. T On Fri, Nov 3, 2017 at 11:27 PM, William Dunlap <wdunlap at tibco.com> wrote: >

On Wed, 8 Apr 2020 at 04:23, Kai Wang <kai.wang at sifive.com> wrote: > If we apply the type system pointed out by Renato, is the vector type <vscale x 1 x i16> legal? If we decide that <vscale x 1 x i16> is a fundamentally impossible type, does it contrary to the philosophy of LLVM IR as reasonably target-independent IR? I do not get the point of your argument. Hi Kai,

Another other generator is subject to the same problem with the same probabilitiy. > Filter(function(s){set.seed(s, kind="Knuth-TAOCP-2002");runif(1,17,26)>25.99}, 1:10000) [1] 280 415 826 1372 2224 2544 3270 3594 3809 4116 4236 5018 5692 7043 7212 7364 7747 9256 9491 9568 9886 Bill Dunlap TIBCO Software wdunlap tibco.com On Fri, Nov 3, 2017 at 10:31 AM, Tirthankar

> On Nov 21, 2019, at 14:23, Robinson, Paul via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Some years ago there was a random-nop-insertion pass (for ROP gadget removal) proposed, which didn't stick; we recently had a summer intern work on it but did not get to proper quality; I'd like to revive that. Hi Paul, I'm curious about what the use case for this was. In

...tial BND0 upper bound when the program starts that is arbitrarily set to be 256MiB below the base of the initial (safe) stack. If and when that 256MiB space becomes overfilled by safe stacks, the program will crash due to a failing CHECK_GE statement in the runtime library. Without this check, an adversary may be able to modify a variable in the runtime library recording the address of the most-recently allocated safe stack to cause safe stacks to be allocated in vulnerable locations. An alternative approach to avoid that limitation could be to store that variable above the bound checked by the inst...

Tirthankar, "random number generators" do not produce random numbers. Any given generator produces a fixed sequence of numbers that appear to meet various tests of randomness. By picking a seed you enter that sequence in a particular place and subsequent numbers in the sequence appear to be unrelated. There are no guarantees that if YOU pick a SET of seeds they won't produce

If I have a "simple" variable value, this works fine: capmon@peter:~> puppet -e ''$v="xyz" exec { f: command => "/bin/echo v is $v", logoutput => true }'' notice: /Stage[main]//Exec[f]/returns: v is xyz notice: /Stage[main]//Exec[f]/returns: executed successfully But how do I escape "bad" values of $v? Painful examples like the

https://bugzilla.mindrot.org/show_bug.cgi?id=2706 Bug ID: 2706 Summary: remote code execution via ProxyCommand+browser exploit Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: Mac OS X Status: NEW Severity: security Priority: P5 Component: ssh Assignee:

...le Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. Risk: An adversary can use this vulnerability to crash dovecot auth process repeatedly, preventing login. Steps to reproduce: (echo 'AUTH NTLM'; echo -ne 'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | \ base64 -w0 ;echo ;echo -ne 'NTLMSSP\x00\x03\x00\x00\x...

...notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference: CVE-2020-12674 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on Risk: An adversary can use this vulnerability to crash dovecot auth process repeatedly, preventing login. Steps to reproduce: (echo 'AUTH RPA'; echo -ne '\x60\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x73\x01\x01\x01\x00\x04\x00\x00\x01' | base64 -w 0; echo ; echo -ne '\x60\x11\x06\x09\x60\x86\x48\x01\...

...9, 2017, at 2:03 PM, Leonard den Ottolander <leonard at den.ottolander.nl> wrote: > > On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: >> Escalation *requires* attacking a program in a security context other >> than your own. > > Not necessarily. Suppose the adversary is aware of a root > exploit/privilege escalation in a random library. There are two serious problems with this argument: 1. Give me a scenario where this attacker can execute *only* pkcheck in order to exploit this hypothetical library?s flaw, but where the attacker cannot simply provide the...

...le Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. Risk: An adversary can use this vulnerability to crash dovecot auth process repeatedly, preventing login. Steps to reproduce: (echo 'AUTH NTLM'; echo -ne 'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | \ base64 -w0 ;echo ;echo -ne 'NTLMSSP\x00\x03\x00\x00\x...

...notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference: CVE-2020-12674 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on Risk: An adversary can use this vulnerability to crash dovecot auth process repeatedly, preventing login. Steps to reproduce: (echo 'AUTH RPA'; echo -ne '\x60\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x73\x01\x01\x01\x00\x04\x00\x00\x01' | base64 -w 0; echo ; echo -ne '\x60\x11\x06\x09\x60\x86\x48\x01\...