question to run the /home/myhome/sudoedit as sudo???
Or am I missing something?
Andy
On Tue, 2 Mar 2010, Kingcope wrote:
> Just for the record.
>
> ---snip---
> #!/bin/sh
> # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
> # local root exploit
> # March 201
orth noting that at some stage around IOS 12.4 this structure
changed slightly and therefore if you were planning on exploiting
12.4(7a) which is also vulnerable to the FTP stack overflow, the
offsets are 0x17c and 0xdec
Cheers,
Andy
On Wed, Jul 30, 2008 at 10:03 AM, Andy Davis
<[EMAIL PRO
ocess"
//(current connection to the FTP server)
Cheers,
Andy
debugger - not something you are likely to encounter on the Internet
Anyway, hopefully this will promote further IOS security research as
there's plenty left to look at!
Cheers,
Andy
/*
Cisco IOS FTP server remote exploit by Andy Davis 2008
Cisco Advisory ID: cisco-sa-20070509-iosftp
There is no exploit involved. Though, there is a bug involved.
The described issue generates an error screen using the links provided;
however, this is only because there is a bug with single character search
strings. Using anything longer than the string mentioned in the initial report
(1 l
In the last three months IRM has discovered a total of 13 new security
vulnerabilities in Cisco IOS. These vulnerabilities were reported to
Cisco and have all been allocated PSIRT reference numbers while the root
cause and potential impact of each is investigated. Cisco has taken all
the vulnerabil
Yes it does. However, if ACLs have been applied to all available VTY
lines on the router then a third memory overwrite is required to remove
the ACL on the VTY line to which you'd like to connect - this is
straightforward to do.
Andy
From: Abus
either workarounds or patches to mitigate these
vulnerabilities, IRM will release advisories which will include full technical
details.
Andy Davis | Chief Research Officer
Information Risk Management Plc
8th Floor | Kings Building | Smith Square | London SW1P 3JJ
Tel: +44 (0) 1242 225 205
Fax
y be clearer to everyone
when we release the higher resolution videos that are easier to watch.
Cheers,
Andy
-Original Message-
From: Halvar Flake [mailto:[EMAIL PROTECTED]
Sent: 12 October 2007 07:32
To: Andy Davis; bugtraq@securityfocus.com
Subject: Re: Cisco PSIRT response on IRM Demons
ex.php/155-Advisory-024) that we released
earlier today.
We should be releasing hi-res versions of the videos at some stage in
the next 24 hours at
http://www.irmplc.com/index.php/153-Embedded-Systems-Security.
I hope that makes things a bit clearer for everyone
Cheers,
Andy
-Origin
0071010-lpd.shtml
Tested/Affected Versions:
IRM identified this vulnerability in IOS version 12.3(22)
Credits:
Research & Advisory: Andy Davis
Disclaimer:
All information in this advisory is provided on an 'as is' basis in the
hope that it will be useful. Information Risk Manage
The Articles module has been updated to v1.03, which contains some input
sanitising and should negate this exploit.
Version 1.03 can be downloaded from
http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2
I use HTTPS and disable HTTP on my Linksys WRT54G which seem to help
protect against this attack. I modified your curl command to:
curl -d -k "SecurityMode=0&layout=en" https://192.168.1.1/Security.tri
as to attempt to use your command in my environm
Crashed my FF 1.5.0.3 straight away on a fully patched XP Pro Service Pack 2
Andy
-Original Message-
From: Josh Zlatin-Amishav [mailto:[EMAIL PROTECTED]
Sent: 31 May 2006 16:50
To: [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com
Subject: Re: Fire fox dos exploit
On Tue, 30 May 2006
My BlackICE stops this from XSS from happening, however changing the URL
from a .ae domain to a .com and leaving the rest intact, I am then
prompted.
http://www.google.com/search?hl=ar&q=alert("1")&meta=
Ashes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent:
there is sufficient value in the changes I will post a
summary, otherwise the page will remain available
Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://www.securitywizardry.com
Excuse my ignorance, or currently tired state, but where is the actual
tool located? I can find the paper OK.
Thanks.
--A
On 11 Dec 2005 21:17:25 -, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Hi, we are a group of Stanford researchers and we have recently
> developed an automated tool f
I've been working with IBM http server 1.0 on AS/400 and when requesting a
JSP page that doesn't exist the JSP processor returns recursive error with
a listing of information including the root paths and versions of servlets
that run on the server.
Is this a known vulnerability/misconfig
> > On the surface, this looks fine, until you look at the ASM output, and
> > you see the call to memset has been removed by the optimizer because
> > szPwd is not read once the function completes. Hence, the secret data is
> > still floating in memory.
> >
> > This optimization, common in most m
the most recent
versions of konqueror. I suppose to keep the number of bugs down to allow
them to focus on pushing forward with improvements to new versions.
KDE 2.1.1 is pretty old to be honest.
Andy
At 02:20 PM 7/19/2001, Jim Hribnak wrote:
>There are patches (old patches) that seem to fix the problem YET the patch
>says it's for Microsoft Index server (a lot of people are not running Index
>server, yet this patch fixes the crashing problem).
The problem is with a dll file that is installed
the same outages. Any additional help would be appreciated.
-Andrew Lambert
University of Wisconsin - Madison
[EMAIL PROTECTED]
-Original Message-
From: Andy Colvin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 4:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Microsoft IIS problems
Greetings! I created a simple win32 app named winlogon.exe... in win2k Adv
Server, I could end it as an application/task, but not as a process. Maybe
this clears things up a bit...
-Original Message-
From: Justin Nelson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 17, 2001 9:21 AM
To:
stead (having well known
key involved in authentication may have undesirable effect) or start
keyserv with -d flag. If you seek a simpler way (i.e. simpler than
restarting keyserv on every workstation) to instantly "revoke" the magic
phrases encrypted with nobody's key, delete (or rename) /etc/publickey
on every workstation.
Andy.
You should ALWAYS use:
if exist net use /d
before you use "net use" in such a script.
This will unmap the existing network drive (if any) from the
driveletter to be mapped.
Greetz,
Data
-Original Message-
From: Shawn Wright [mailto:[EMAIL PROTECTED]]
Se
holes in
default ACLs... Andy.
I'd just like to confirm that the information Mark provided is correct for
outlook 2000 too.
> -Original Message-
> From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Mark
> Sent: 08 November 1999 21:37
> To: [EMAIL PROTECTED]
> Subject: Re: MS Outlook alert : Cuartango Active Setu
oes fix something! But what about
2.5[.1] and 7? Well, 2.5[.1] rpc.cmsd (i.e., both /usr/dt and
/usr/openwin versions) unfortunately do not make any distinguishable
system calls in reply to 'cm_lookup -c [EMAIL PROTECTED][.1].host' and I
can't easily locate relevant code as analyzing the whole disassembler
list doesn't really turn me on. As for 7, I leave it for your
homework...
Andy.
if possible at all) than you might have imagined from my previous post.
Well, all above was about SPARC. On Intel in turn the attack against the
current frame is *perfectly* possible and should work like a charm.
Strangely enough the corresponding Intel patch is one revision level down
and doesn't mention "buffer overflows in rpc.cmsd" at all. We also know
that CDE code is shared among vendors and there's a chance that systems
other than Solaris are vulnerable.
Andy.
.1] which claims "1264389
rpc.cmsd security problem." fixed. Then there is 104976-03 claiming
"1265008 : Solaris 2.x rpc.cmsd vulnerabity" fixed. Are these the ones
you refer to as "patched versions" and "could be problematic"?
Andy.