search for: sprundel

X.Org Security Advisory: March 17, 2015 More BDF file parsing issues in libXfont ======================================== Description: ============ Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files. As libXfont is used by the X...

...Trifecta - Reversing, Runtime Antics, & Exploit Development - Neil Archibald 3. Exploiting OpenBSD - Ben Hawkes 4. Anti-Forensic Rootkits - Darren Bilby 5. Access over Ethernet: Insecurites in AoE - Morgan Marquis-Boire 6. Attacks Against RFID - Josh Perrymon 7. Unusual Bugs - Ilja van Sprundel 8. A Quantitive Time Series Analysis of Malware and Vulnerability Trends - Craig Wright 9. IPv6: Under the Hood - Mark Dowd 10. Software Vulnerabilities - Daniel Hodson 11. PE Packers Used in Malicious Software - Paul Craig 12. Web Services: Teaching a New Dog Old Tricks - Daniel Grzelak, Co...

...proaching yet again. This e-mail is to bring you up to date on the latest developments on this years conference. Our speakers list is complete [1] and our timetable has been finalised [2]. Below is a list of presentations for RUXCON 2005 (in order of acceptance): 1. Breaking Mac OSX - Ilja Van Sprundel & Neil Archibald 2. Binary protection schemes - Andrew Griffiths 3. Using OWASP Guide 2.0 for Deep Penetration Testing - Andrew van der Stock 4. Black Box Web Application Penetration Testing - David Jorm 5. Long Filename, Long Parameter, Malformed Data. Another Day, Another Vulnerab...

...SA-05:04.ifconf Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in ifconf() Category: core Module: sys_net Announced: 2005-04-15 Credits: Ilja van Sprundel Affects: All FreeBSD 4.x releases All FreeBSD 5.x releases prior to 5.4-RELEASE Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE) 2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE) 2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9...

...SA-05:04.ifconf Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in ifconf() Category: core Module: sys_net Announced: 2005-04-15 Credits: Ilja van Sprundel Affects: All FreeBSD 4.x releases All FreeBSD 5.x releases prior to 5.4-RELEASE Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE) 2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE) 2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9...

...n from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issue come in addition to the ones discovered by Ilja van Sprundel in 2013. Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged than the cli...