2921 matches found
Microsoft Warns of Attacks Against ASP.NET Flaw
Microsoft is warning customers that it has seen ongoing attacks against the recently disclosed padding oracle vulnerability in ASP.NET and is encouraging them to implement a workaround that will help protect against the publicly disclosed exploit for the bug. The workaround that Microsoft has...
Microsoft issues Advisory on ASP.NET Hole
Microsoft has issued a security advisory for a recently disclosed vulnerability in ASP.NET that could leave millions of Web pages vulnerable to attack. The company on Friday released Security Advisory 2416728 addressing the ASP.NET security hole, which was first disclosed by researchers at th...
Multiple HTTP Error Responses (CVE-2010-3332)
ASP.NET is a collection of technologies within the .NET Framework that enable developers to build Web applications and XML Web Services. A remote attacker may exploit this issue to read data, such as the View State, which was encrypted by the server. This vulnerability is caused by ASP.NET providi...
Demo of ASP.NET Padding Oracle Attack
In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET. You can read the full story of their attack in this article, “Padding Orac...
Tool Exploits Data Flaws in JavaServer Faces
Researchers have released software that exposes private information and executes arbitrary code on sensitive websites by exploiting weaknesses in the widely used web development technology JavaServer Faces. Read the full article. The Register...
kernel: netlink: fix numerous padding memleaks
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2)...
kernel security and bug fix update
2.6.9-89.0.15.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - backout patch sysrq-b that queues upto keventd thread Guru Anbalagane orabug 6125546 - netrx/netpoll race...
CVE-2005-4881
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2)...
kernel: information leak in sigaltstack
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack...
akPlayer 1.9.0 (.plt File) Universal Buffer Overflow Exploit (SEH)
No description provided by source. !/usr/bin/python x Bug: akPlayer 1.9.0 .plt Universal BOF Exploit SEH x Author : TiGeR-Dz x Usage : exploit.py exploit.plt x Usage2: Just grab the plt file into akPlayer. x Greetz: thanks very match his0k4 win32exec - EXITFUNC=seh CMD=calc Size=343...
Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure
Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure / sigaltstack-leak.c Linux Kernel http://jon.oberheide.org Information: http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856 Ulrich Drepper correctly points out that there is generally padding in the structure on 64-bit...
Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit
Exploit for linux platform in category local exploits ====================================================================== Linux Kernel include include include include include include include include const int randcalls = 0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 13, 14, 16, 21, 22, 24, 25, 32, 33, 36...
TTY Nop Generator
Generates harmless padding for TTY input This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This class implements a "nop" generator for TTY payloads class MetasploitModule 'TTY Nop Generator', 'Alias' = 'ttygeneric',...
kernel: ptrace: Padding area write - unprivileged kernel crash
arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference...
kernel security and bug fix update
2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...
openssl mitm downgrade attack
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...