Ubuntu: Security Advisory (USN-351-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Jon Oberheide on Perimeter Security

Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google’s BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords. Download: JonOberheideonPerimeterSecurity.mp3 Music by Chr...

Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit

/ cve-2005-4605.c Linux Kernel 2.6.14.6 procfs Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605 The procfs code procmisc.c in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers ...

Linux Kernel < 2.6.30.5 cfg80211 Remote Denial of Service Exploit

No description provided by source. / cfg80211-remote-dos.c Linux Kernel 2.6.30.5 cfg80211 Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://patchwork.kernel.org/patch/41218/ These pointers can be NULL, the ismesh case isn't ever hit in the current kernel, but...

OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit

No description provided by source. / cve-2009-1386.c OpenSSL 0.9.8i DTLS ChangeCipherSpec Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a...

OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS

No description provided by source. / cve-2009-1378.c OpenSSL = 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 In dtls1processoutofseqmessage the check if the...

Dan Guido on the THREADS Mobile Security Conference

Dennis Fisher talks with Dan Guido, CEO of Trail of Bits and hacker-in-residence at NYU-Poly, about the school’s first mobile security conference, called THREADS, taking place this week in Brooklyn. Part of the college’s Cybersecurity Awareness Week CSAW, THREADS will include speaker such as Dino...

Researchers bypass Google Bouncer Android Security

Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer,...

Linux Kernel 2.6.36.2 (Ubuntu 10.04) - Half-Nelson.c Econet Privilege Escalation

Linux Kernel 2.6.36.2 Ubuntu 10.04 - Half-Nelson.c Econet Privilege Escalation / half-nelson.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848 Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the...

Linux Kernel 2.6.33.3 SCTP INIT Denial Of Service

From: http://jon.oberheide.org/files/sctp-boom.py !/usr/bin/env python ''' sctp-boom.py Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlie...

Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service

Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service From: http://jon.oberheide.org/files/sctp-boom.py !/usr/bin/env python ''' sctp-boom.py Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 The sctpprocessunkparam function in...

Jon Oberheide on Linux Kernel Exploitation

At the SOURCE conference in Boston, security researcher Jon Oberheide discusses the intricacies of Linux kernel exploitation...

Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit

Exploit for linux platform in category local exploits =============================================================== Linux Kernel include include include include include include include include include...

OpenSSL &lt; 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service

/ cve-2009-1386.c OpenSSL http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as the first record instead of ClientHello. Usage: Pass the host and port of the target DTLS server: $...

honeyd security advisory: remote detection

Honeyd Security Advisory 2006-001 ================================= Topic: Remote Detection Via Multiple Probe Packets Version: All versions prior to Honeyd 1.5 Severity: Identification of Honeyd installations allows an adversary to launch attacks specifically against Honeyd. No remote root explo...

[Full-disclosure] 3 XSS Vulnerabilities in Phorum &lt;= 5.0.14

Author: Jon Oberheide [email protected] Date: Sat, March 12th, 2005 Summary ======= Application: Phorum Vendor Website: http://www.phorum.org Affected Versions: = 5.0.14 Type of Vulnerability: Cross Site Scripting XSS About Phorum ============ Phorum is a web based message board written in PHP...