17 matches found
Mark Dowd on Exploit Mitigation Development
Mark Dowd, fresh off his 2017 Security Analyst Summit keynote, discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers...
AirDrop vulnerability: malicious applications can be silently installed on millions of Apple devices - vulnerability warning - the black bar safety net
A vulnerability exists in the AirDrop file transfer feature; a malicious application may be silently installed on millions of Apple devices and replace the legitimate app. AirDrop is a technology Apple developed for direct inter-device file transfer, but security researcher Mark Dowd was in iOS an...
AirDrop Bug in Apple iOS and OSX allows Hackers to Install Malware Silently
With the launch of iOS 9, Apple gave us an ultimate reason to upgrade our Apple devices to its new operating system. The latest iOS 9 includes a security update for a nasty bug that could be exploited to take full control of your iPhone or Macs, forcing most of the Apple users to download the...
Apache module mod_rewrite LDAP protocol Buffer Overflow
No description provided by source. $Id: apachemodrewriteldap.rb 8498 2010-02-15 00:48:03Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Apache module mod_rewrite LDAP protocol Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache modul...
Apache Module mod_rewrite LDAP Protocol Buffer Overflow
This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have...
Debian Security Advisory DSA 257-1 (sendmail)
The remote host is missing an update to sendmail announced via advisory DSA 257-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 5.04 / 5.10 / 6.06 LTS : openssh vulnerabilities (USN-355-1)
Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired...
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
No description provided by source. #!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis axis@ph4nt0m http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 1.3.37 2.0 branch: 2.0.46 and 2.0.59...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
#!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...
USN-355-1: openssh vulnerabilities
Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired...
Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow #!/bin/sh Exploit for Apache mod_rewrite off-by-one. Vulnerability discovered by Mark Dowd. CVE-2006-3747 by jack 2006-08-20 Thx to xuso for help me with the shellcode. I suppose that you've the "RewriteRule kung/. $1" rule if not you must...
Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
#!/bin/sh Exploit for Apache mod_rewrite off-by-one. Vulnerability discovered by Mark Dowd. CVE-2006-3747 by jack 2006-08-20 Thx to xuso for help me with the shellcode. I suppose that you've the "RewriteRule kung/. $1" rule if not you must recalculate adressess. Shellcode is based on Taeho Oh...
GLSA-200608-01 : Apache: Off-by-one flaw in mod_rewrite
The remote host is affected by the vulnerability described in GLSA-200608-01 Apache: Off-by-one flaw in mod_rewrite An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used. Impact...
DSA-1132-1 apache2 - buffer overflow
Bulletin has no description...
DSA-1131-1 apache - buffer overflow
Bulletin has no description...
SUSE-SA:2006:017: sendmail
The remote host is missing the patch for the advisory SUSE-SA:2006:017 sendmail. The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuS...