Full Disclosure mailing list archives
[FDSA] Multiple Vulnerabilities in Your Computer (all versions)
From: "Fredrick Diggle" <fdiggle () gmail com>
Date: Tue, 15 Jan 2008 12:59:59 -0600
####################################################################### Fredrick Diggle Security Advisory Application: Your Computer Versions: All Versions Affected Platforms: All Platforms Affected Bugs: Buffer Overflows Severity: Xtreme!!!! Date: 15 Jan 2008 Credit: Fredrick Diggle ####################################################################### 1) Introduction 2) Bugs 4) Fix ####################################################################### =============== 1) Introduction =============== Fredrick Diggle Security Services is probably the best application security researchers on the scene this month. They have identified several hundred thousand vulnerabilities this week for which Priv8 0dayz have been developed. Fredrick Diggle Security Team has decided to release several of these vulnerabilities to the community at large (Pre Vendor Release!!!!). Fred Diggle would like to ensure that you understand this is 0DAY!!!. The vendors are completely unaware of this vulnerabilities. ####################################################################### ======= 2) Bugs ======= OpenSSL 0.9.7j openssl-0.9.7j/fips-1.0/aes/fips_aesavs.c 973: User supplied data copied into fixed length buffer on the stack with no length verification. SSH 3.2.9.1 ssh-3.2.9.1/lib/zlib/contrib/minizip/minizip.c 187: User supplied data copied into fixed length buffer on the stack with no length verification. Apache 1.3.37 src/regex/split.c 164: User supplied data copied into fixed length buffer on the stack with no length verification. Samba 3.0.25b samba-3.0.25b/source/popt/poptparse.c 27: Integer overflow in size_t which is later used in heap allocation. Buffer then copied into this memory resulting in heap overflow. Fredrick Diggle would like you to note that this is very small subset of the 0dayz that Fredrick Diggle Security Team has available. If you are rich and would like to buy our Exploit codez Fredrick Diggle would very much like to hear from you. ####################################################################### ====== 4) Fix ====== There is no fix :> We are doomed :< ####################################################################### _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [FDSA] Multiple Vulnerabilities in Your Computer (all versions) Fredrick Diggle (Jan 15)