Hi to all,
I don't know if anyone might be interested in this (Reliant Unix is a sort
of archaeological OS) but sending an icmp port unreachable error to a RU
causes an immediate drop of all the connections in progress between the
server and the icmp-sender host, of course spoofing the icmp addres
On Fri, 6 Apr 2001, Gonzalez Albert wrote:
> Andrea,
>
> How could this be reproduced? I have a couple of Reliant Unix boxes over
> here.
>
> Albert
>
Hi Albert,
Just connect from a host to the box via ftp, ssh or telnet and during the
connection send from your host an icmp port unreachable (Ty
Hi to all,
Poprelayd is a simple script that scans /var/log/maillog for valid pop
logins and updates a hash db used by sendmail to permit relaying for
those valid pop users, this method is called "Pop-before-smtp".
The syslog string searched by the script is in this form for the qpop
server
ew.php?id=16880
http://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
http://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
Permalink:
http://www.ocert.org/advisories/ocert-2014-001.html
--
Andrea Barisani |Founder
/ocert-2014-002.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
3.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
issues as closed
2014-07-21: advisory release
References:
http://www.ansible.com
Permalink:
http://www.ocert.org/advisories/ocert-2014-004.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
12
2014-08-08: contacted affected vendors
2014-08-12: advisory release
References:
http://git.ganeti.org/?p=ganeti.git;a=commit;h=a89f62e2db9ccf715d64d1a6322474b54d2d9ae0
Permalink:
http://www.ocert.org/advisories/ocert-2014-006.html
--
Andrea Barisani |Founder & Project Coordinator
mit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
(3)
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
(3)
https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
Permalink:
http://www.ocert.org/advisories/ocert-2014-007.html
--
Andrea Baris
029
Permalink:
http://www.ocert.org/advisories/ocert-2014-009.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 86
157
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
Permalink:
http://www.ocert.org/advisories/ocert-2014-012.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.oc
patch provided by maintainer
2014-12-14: reporter confirms patch
2014-12-15: contacted affected vendors
2014-12-18: assigned CVE
2014-12-22: advisory release
References:
http://sox.sourceforge.net
Permalink:
http://www.ocert.org/advisories/ocert-2014-010.html
--
Andrea Barisani |F
-03: second patch provided by maintainer
2014-12-04: reporter confirms patch
2014-12-10: contacted affected vendors
2014-12-12: assigned CVEs
2014-12-22: advisory release
References:
http://www.info-zip.org/UnZip.html
Permalink:
http://www.ocert.org/advisories/ocert-2014-011.html
--
Andrea Baris
-by-one heap buffer overflow),
CVE-2014-8158 (stack overflow)
Timeline:
2015-01-06: vulnerability report received
2015-01-06: contacted affected vendors, assigned CVEs
2015-01-21: advisory release
References:
http://www.ece.uvic.ca/~frodo/jasper
--
Andrea Barisani |Foun
E-2015-0247
Timeline:
2015-01-19: vulnerability report received
2015-01-29: contacted affected vendors, assigned CVEs
2015-02-05: advisory release
References:
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
Permalink:
http://www.ocert.org/advisories/ocert-2015-002.html
--
ion
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
https://mariadb.atlassian.net/browse/MDEV-7937
https://bugs.launchpad.net/percona-server/+bug/1447527
Permalink:
http://www.ocert.org/advisories/ocert-2015-003.html
--
Andrea Barisani |Founder & Projec
vendors
2015-05-11: advisory release
References:
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
Permalink:
http://www.ocert.org/advisories/ocert-2015-006.html
--
Andrea Barisa
eeradius.org/security.html
Permalink:
http://www.ocert.org/advisories/ocert-2015-008.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E98
ory release
References:
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
Permalink:
http://www.ocert.org/advisories/ocert-2015-009.html
--
Andrea Barisani |Founder & Project Coor
in collaboration with AIRBUS ICT Industrial
Security team
---------
--
Andrea Barisani Inverse Path Srl
Chief Security Engineer -> <
http://www.inve
/cs/ww/en/view/109744041
--
--
Andrea Barisani Inverse Path Srl
Chief Security Engineer -> <
http://www.inversepath.com
0x864C9B9E 0A76 074A 02C
s
2012-11-09: Ruby 1.9.3-p327 released
2012-11-23: advisory release
References:
https://www.131002.net/siphash
Permalink:
http://www.ocert.org/advisories/ocert-2012-001.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incide
www.ocert.org/advisories/ocert-2011-001.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Plur
2011.pdf
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
http://svn.php.net/viewvc?view=revision&revision=321003 (unstable, not final)
http://svn.php.net/viewvc?view=revision&revision=321040 (unstable, not final)
https://gist.github.com/52bbc6b9cc19ce330829
Permalink:
http://www.ocert.or
appreciated.
Cheers!
The oCERT Team
<[EMAIL PROTECTED]>
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<[EMAIL PROTECTED]> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7
: advisory release
References:
http://libpng.sourceforge.net/Advisory-1.2.26.txt
Links:
http://www.libpng.org/pub/png/libpng.html
Permalink:
http://www.ocert.org/advisories/ocert-2008-003.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Comp
e/sweep/
http://xiph.org
http://www.videolan.org/vlc
http://xinehq.de
Permalink:
http://www.ocert.org/advisories/ocert-2008-004.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<[EMAIL PROTECTED]>
http://www.ece.ucdavis.edu/ucd-snmp
http://ecos.sourceware.org
Permalink:
http://www.ocert.org/advisories/ocert-2008-006.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<[EMAIL PROTECTED]>
ttp://poppler.freedesktop.org
Permalink:
http://www.ocert.org/advisories/ocert-2008-007.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<[EMAIL PROTECTED]> http://www.ocert.org
0x864C9B9E 0
patch fixes finalized per reporter feedback
2008-07-18: contacted affected vendors
2008-07-31: advisory release
References:
http://www.scary.beasts.org/security/CESA-2008-003.html
Links:
http://xmlsoft.org/XSLT
Permalink:
http://www.ocert.org/advisories/ocert-2008-009.html
--
Andrea Ba
tes that the patch is incomplete and sends new PoC
2008-09-15: maintainer provides updated patch
2008-09-16: reporter confirms patch
2008-09-29: advisory release
References:
Links:
http://www.mplayerhq.hu
Permalink:
http://www.ocert.org/advisories/ocert-2008-013.html
--
Andrea Baris
cert-2009-003.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
rt.org/advisories/ocert-2010-002.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Plu
010-09-17: oCERT advisory published
References:
http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt
http://secunia.com/advisories/41001
http://osvdb.org/67329
Permalink:
http://www.ocert.org/advisories/ocert-2010-003.html
--
Andrea Barisani |Founder & Project Coordinator
ed to ffmpeg repository
2010-09-28: patch automatically pulled to mplayer repository from ffmpeg one
2010-09-28: oCERT advisory published
References:
http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b
Permalink:
http://www.ocert.org/advisories/ocert-2010-004.html
T asks reporter to disclose the
issue
2009-04-29: reporter agrees to disclosure
2009-05-11: advisory release
References:
Permalink:
http://www.ocert.org/advisories/ocert-2009-004.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Compu
nk:
http://www.ocert.org/advisories/ocert-2009-009.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 57
rrentFolder vulnerability
2009-06-24: security maintainer provides patch
2009-06-29: assigned CVE
2009-07-03: preliminary advisory release with mitigation instructions due to
wide exposure of the issue
Permalink:
http://www.ocert.org/advisories/ocert-2009-007.html
--
Andrea Barisan
t-2009-008.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non e
7-04: reporter acknowledges patch
2009-07-13: advisory release
References:
https://bugzilla.redhat.com/attachment.cgi?id=35132
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347
Permalink:
http://www.ocert.org/advisories/ocert-2009-012.html
--
Andrea Barisani |Founder & P
issues are available
2009-07-13: advisory release
References:
http://scary.beasts.org/security/CESA-2009-009.html
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
Permalink:
http://www.ocert.org/advisories/ocert-2009-010.html
--
Andrea Barisani
/?p=platform/frameworks/base.git;a=commit;h=4d8adefd35efdea849611b8b02d61f9517e47760
http://android.git.kernel.org/?p=platform/packages/apps/Camera.git;a=commit;h=e655d54160e5a56d4909f2459eeae9012e9f187f
Permalink:
http://www.ocert.org/advisories/ocert-2009-011.html
--
Andrea Barisani
:
http://www.akitasecurity.nl/advisory.php?id=AK20090601
Permalink:
http://www.ocert.org/advisories/ocert-2009-013.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76
;a=commit;h=46e23fe762d2143d60589ab6d39c4b47c2c754d1
Dalvik API DoS:
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=cf4550c3198d6b3d92cdc52707fe70d7cc0caa9f
Permalink:
http://www.ocert.org/advisories/ocert-2009-014.html
--
Andrea Barisani |Founder & Proj
sion=938003
Permalink:
http://www.ocert.org/advisories/ocert-2009-015.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E9
rt.org/advisories/ocert-2009-017.html
--
Andrea Barisani |Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
7: ganeti 1.2.9, 2.0.5, 2.1.0~rc2 released
2009-12-17: advisory published
References:
http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2
Permalink:
http://www.ocert.org/advisories/ocert-2009-019.html
--
Andrea Barisani |Founder & Project Coordina