Apologies if someone already posted the obvious question but:
How come this Patch Tuesday was different for Skype?
Why didn't the last Patch Tuesday, which had the same rebooting
requirements as any other Patch Tuesday, cause the same problem with
Skype? What was different about this Patch Tuesd
[EMAIL PROTECTED]
Signed,
Marc Maiffret
Co-Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http
Internet Explorer Compressed Content URL Heap Overflow Vulnerability
Release Date:
August 24, 2006
Date Reported:
August 17, 2006
Severity:
High (Code Execution)
Systems Affected:
Internet Explorer 6 SP1 with MS06-042 - Windows 2000
Internet Explorer 6 SP1 with MS06-042 - Windows XP SP1
Overvi
MS06-042 Related Internet Explorer 'Crash' is Exploitable
Date:
August 22, 2006
Severity:
High
Systems Affected:
Windows 2000 with IE6 SP1 and MS06-042 hotfix installed
Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed
Overview:
On August 8th Microsoft released MS06-042 which was a cumu
earch.eeye.com, it is in the
current blog post, courtesy of Derek Soeder. It is obviously
experimental and we recommend checking it out from a research
perspective rather than it being something like our previous third party
patch which was fine to install wherever.
Signed,
Marc Maiffret
Chief Hackin
stly while speaking of blogging I am sure there will be some
interesting things to "blog about" at this year's Blackhat in Vegas.
We hope to see all of you out there, and for those that can not make it,
see you next Tuesday!
Signed,
Marc Maiffret
Founder/CTO
Chief Hacking Officer
eEye Digital Sec
workaround please visit:
http://www.eeye.com/html/research/alerts/AL20060324.html
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com
To be clear we did not make any claim except that Retina has been
updated to be able to identify this vulnerability. Obviously being that
it is a local vulnerability we audit for the vulnerability using
credentials through normal means that you should find in most any
vulnerability assessment scann
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
| -Original Message-
| From
You can get the tool at: http://www.eeye.com
P.S. Users of Retina (Network Security Scanner) have already had this
check within the latest Retina updates.
Signed,
Marc Maiffret
Co-Founder/Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Ne
and why.
Not sure how you can have "Trust"worthy Computing when you're misinforming
customers on a regular basis or releasing patches that disable their
Internet access. :-o
For those technically inclined... supposedly MS thinks controlling ecx and
eax on a mov [ecx],eax is not exploitable
XDR Integer Overflow
Release Date:
March 19, 2003
Severity:
High (Remote Code Execution/Denial of Service)
Systems Affected:
Sun Microsystems Network Services Library (libnsl)
BSD-derived libraries with XDR/RPC routines (libc)
GNU C library with sunrpc (glibc)
Description:
XDR is a standard f
/Research/Flash/AL20030125.html
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
SQL Sapphire Worm Analysis
Release Date:
1/25/03
Severity:
High
Systems Affected:
Microsoft SQL Server 2000 pre SP 2
Description:
Late Friday, January 24, 2003 we became aware of a new SQL worm spreading
quickly across various networks around the world.
The worm is spreading using a buffer ove
Macromedia Shockwave Flash Malformed Header Overflow #2
Release Date:
December 16, 2002
Severity:
High (Remote Code Execution)
Systems Affected:
Macromedia Flash Player versions less than 6.0.65.0
Description:
While working on some pre-release Retina® CHAM tools, multiple exploitable
conditions
PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Release Date:
December 11, 2002
Severity:
High (Code Execution)
Systems Affected:
We have specifically tested the following software and verified the
potential for exploitation:
Microsoft Internet Explorer 5.01
Microsoft Inter
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Release Date:
November 12, 2002
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Macromedia Coldfusion 6.0 and prior (IIS ISAPI)
Macromedia JRun 4.0 and prior (IIS ISAPI)
Description:
Macromedia JRun a
. :-o
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
-Original Message-
Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Release Date: August 8, 2002
Severity:
High (Remote SYSTEM/ROOT)
Systems Affected:
iPlanet 6.0 and prior
Description:
A vulnerability in transfer chunking can be exploited to remotely execute
code of an attacker's choice on a
Macromedia Shockwave Flash Malformed Header Overflow
Release Date: August 8, 2002
Severity:
High (Remote Code Execution)
Systems Affected:
Macromedia Shockwave Flash - All Versions;
Unix and Windows; Netscape and Internet Explorer
Description:
While working on some pre-release eEye Retina CHAM
-in, to protect systems from this flaw. You may download the
patch from:
http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp
Note: This issue does not affect PGP Corporate Desktop users.
Discover: Marc Maiffret
Exploitation: Riley Hassell
Greetings: Kasia, and the hot photog
Macromedia Flash Activex Buffer overflow
Release Date:
05/02/2002
Severity:
High (Remote code execution)
Systems Affected:
Flash Activex Ocx Version 6, revision 23
(Possibly older versions)
Forward:
This is an unusual advisory in a number of ways.
One, it was found while investigating an acce
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Release Date:
00/00/2002
Severity:
High (Remote code execution)
IWAM_MACHINE Privilege Level
Systems Affected:
Microsoft Windows NT 4.0 Internet Information Services 4.0
Microsoft Windows 2000 Internet Information Services 5.0
Description:
rch/Tools/codered.html
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
The following is a description of a "variant" "Code Red" worm that we have
found to be in the wild. Sorry for the rough content but we thought it would
be best to get this information out sooner and worry about pretty text
formatting later ;-]
--
In this text, we will be referi
e worm was designed to do that... to stop
infecting and start attacking an IP address that used to point to
whitehouse.gov.
This whole worm process that we have been going through will basically start
from scratch and run its course again when the 1st of next month comes
around.
Signed,
Marc Maiffret
Chi
the worm just tries port 80 on ip's. doesn't care if it's IIS or not.
also as for the ip seed thing... we have heard reports there is a variant
worm that is doing truly random IP addresses. We don't have any more info on
that though.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Di
Thanks to Eric from Symantec for tossing us a note about the worm being Date
based and not Time based.
We made an error in our last analysis and said the worm would start
attacking whitehouse.gov based on a certain time. In reality it's based on a
date (the 20th UTC) which is tomorrow.
If the wor
The following is a detailed analysis of the "Code Red" .ida worm that we
reported on July 17th 2001.
This analysis was performed by Ryan Permeh and Marc Maiffret of eEye Digital
Security. The disassembly (complete with comments) was done by Ryan
"Shellcode Ninja" Permeh
hsj's
exploit... hsj's exploit is _not_ a worm. Just wanted to clear that up for
the handful of people I have seen misreporting things.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http:
The following information was researched by Ryan Permeh ([EMAIL PROTECTED]) and
Marc Maiffret ([EMAIL PROTECTED]) of eEye Digital Security.
We would like to specially thank Matthew Asham of Left Coast Systems Corp
and Ken Eichman of Chemical Abstracts Service for providing us with logs and
needed
believe to be a bug then I would suggest
contacting us first so that we can give you the needed information (I.E. 3
or so new versions of SecureIIS have been released since 1.0.6) and if there
is a valid problem then we can fix that problem. This however is not an
issue.
Thanks!
Signed,
Marc
All versions of Microsoft Internet Information Services, Remote buffer
overflow (SYSTEM Level Access)
Release Date:
June 18, 2001
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Microsoft Windows NT 4.0 Internet Information Services 4.0
Microsoft Windows 2000 Internet Info
acker changes any of the various
exploit programs on the net to place the overflow buffer in http://%s/
instead of Host: %s then that exploit will basically sneak past certain
IDS's that are only focusing on Host: data instead of doing proper host
header checking.
just a heads up
Signed,
Ma
L PROTECTED] or myself so that we can work with you to
fix the bugs ASAP.
Thanks!
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/
iPlanet Netscape Enterprise Web Publisher Buffer Overflow
Release Date:
May 11, 2001
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Netscape Enterprise 4.1 and prior versions.
Description:
The Web Publisher feature in Netscape Enterprise 4.1 is vulnerable to a
buffer o
E and then typing in
http://www.example.com/anything.printer which should then return an error
like "Error in web printer install." However by default IE shows "friendly"
HTTP error messages and is not going to show you the ISAPI error message. So
either turn off friendly HTTP error messag
Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM
Level Access)
Release Date:
May 01, 2001
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Microsoft Windows 2000 Internet Information Services 5.0
Microsoft Windows 2000 Internet Information Services 5
Solaris ipcs vulnerability
Release Date:
April 11, 2001
Systems Affected:
Solaris 7 (x86)
Other versions of Solaris are most likely affected also.
Discovered by:
Riley Hassell [EMAIL PROTECTED]
Description:
We have discovered a buffer overflow in the /usr/bin/i86/ipcs utility
provided with Sol
Actually that was an error in our advisory.
The correct (yet correct us if we are wrong again ;-]) information is:
Solaris 7 and Solaris 8 x86 Xsun is suid
Solaris 7 and Solaris 8 Sparc Xsun is sgid
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
's because the cache doesn't get transferred. Well at least from what I
have seen, I could be completely wrong.
| Cheers,
| Charles Chear [[EMAIL PROTECTED]]
| http://presto.tpgn.net
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349
denied etc. added
|
|
| Regards,
| Roelof.
|
| --
| Roelof W Temmingh SensePost IT security
| [EMAIL PROTECTED] +27 83 448 6996
| http://www.sensepost.com
Signed,
Marc Maiffret
Chief Hacking Officer
eCompan
"evil" packet in order for Iris to crash. If you simply open iris and start
sniffing and receive the "evil" packet, without clicking to view it, then
Iris will not crash.
Thanks much to grazer for contacting us prior to posting to Bugtraq so that
we could work on a fix for this pr