10 matches found
Agent Privilege Separation in OpenClaw: A Structural Defense against Prompt Injection
Prompt injection remains one of the most practical attack vectors against LLM-integrated applications. We replicate the Microsoft LLMail-Inject benchmark Greshake et al., 2024 against current generation models running inside OpenClaw, an open source multitool agent platform. Our proposed defense...
SUSE CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
Updated openssh packages fix security vulnerability
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
Medium: openssh
Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH...
openssh: Leak of host private key material to privilege-separated child process via realloc()
It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...
BSA-2017-274
Security Advisory ID : BSA-2017-274 Component : Authfile.c in sshd in OpenSSH before 7.4 Revision : 3.0: Final authfile.cinsshdinOpenSSHbefore 7.4 does not properly consider the effects ofreallocon buffer contents, which might allow local users to obtain sensitive private-key information by...
ALPINE-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
Design/Logic Flaw
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
CVE-2016-10011
It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...