search for: fulldisclosure

Displaying 5 results from an estimated 5 matches for "fulldisclosure".

2012 Aug 01
5
[Full-disclosure] nvidia linux binary driver priv escalation exploit
Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4
2010 Sep 18
2
Ac1dB1tch3z Vs Linux Kernel x86_64 0day
Are there any 64bit CentOS5 kernels available that are immune against the exploit mentioned in the subject? Turning off 32bit support is no option to me.. Gerhard Schneider P.S.: Source code can be found at http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on 2.6.18-194.11.3.el5.centos.plus -- Gerhard Schneider Institute of Lightweight Design and e-Mail: gs at ilsb.tuwien.ac.at Structural Biomechanics (E317) Tel.: +43 664 60 588 3171 Vienna University of Technology / Austria F...
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff t...
2016 Jul 19
2
Openssh use enumeration
Hi, sorry I don't know if I send this to the correct channel. I have notice that OpenSSH has recognized the presence of the user enumeration as a vulnerability, http://seclists.org/fulldisclosure/2016/Jul/51 (CVE-2016-6210). I want to make an appreciation, this is a old vulnerability already announced three years ago. https://blog.curesec.com/article/blog/OpenSSH-User-Enumeration-Time-Based-Attack-20.html http://seclists.org/fulldisclosure/2013/Jul/88 http://www.behindthefirewalls.com/...
2011 Apr 01
0
on "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload"
Hi, as some IPSec users might be worried about the "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 , here's some braindump: To be affected it's believed that you need to 1) manually compile in IPSEC (not done in GENERIC or the release), 2) have an entry for ipcomp in your security associations. You may also want to check what you negotiate with trusted peers if you...