An internal iDEFENSE Labs tool, IDA Sync, has been released as open
source and is available for download from:
http://labs.idefense.com
IDA Sync was written to allow multiple analysts to synchronize their
reverse engineering efforts with IDA Pro in real time. Users connect to
a central
iDEFENSE Labs is pleased to announce the launch of our community site:
http://labs.idefense.com
This site will serve as our repository for sharing our research and
development with the security community, including the release of free
software tools. Currently you can find the following at
These recent postings and all past postings from [EMAIL PROTECTED] do
not come from iDEFENSE or any of it's employees.
Michael Sutton
Director, iDEFENSE Labs
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-discl
Stefan,
We were aware that the vulnerability had been patched due to the work of
Sebastian Krahmer and yourself as this was mentioned by CVS during the
vendor disclosure process. We chose to proceed with the disclosure as it
did not appear that the CVE number for this issue had been
reserved/publi
ndor response
03/11/2004 iDEFENSE clients notified
06/07/2004 Vendor update released
07/12/2004 Public Disclosure
Greg pointed out my error shortly after the advisory was sent.
Regards,
Michael Sutton
Director, iDEFENSE Labs
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[E
, iDEFENSE Labs
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
iDEFENSE Security Advisory 02.23.04
Darwin Streaming Server Remote Denial of Service Vulnerability
http://www.idefense.com/application/poi/display?id=75
February 23, 2004
I. BACKGROUND
Darwin Streaming Server is server technology allowing for the streaming
of QuickTime data to clients across the
iDEFENSE Security Advisory 02.17.04
Ipswitch IMail LDAP Daemon Remote Buffer Overflow
http://www.idefense.com/application/poi/display?id=74
February 17, 2004
I. BACKGROUND
Ipswitch IMail server is a Windows based messaging solution with a
customer base of over 53 million users. More information
fied
February 12, 2004 Public disclosure
VIII. CREDIT
Greg MacManus (iDEFENSE Labs) is credited with this discovery.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ved from David Dawes at XFree86.org
February 4, 2004iDEFENSE clients notified
February 10, 2004Public disclosure
VIII. CREDIT
Greg MacManus (iDEFENSE Labs) is credited with the discovery of this
vulnerability.
-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3
iQA/AwUBQCkyufrkky7k
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 09.16.03:
http://www.idefense.com/advisory/09.16.03.txt
Remote Root Exploitation of Default Solaris sadmind Setting
September 16, 2003
I. BACKGROUND
Solstice AdminSuite is a set of tools packaged by Sun Microsystems Inc.
in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 09.10.03:
http://www.idefense.com/advisory/09.10.03.txt
Two Exploitable Overflows in PINE
September 10, 2003
I. BACKGROUND
PINE (The Program for Internet News & Email) is a popular e-mail client
shipped with many Linux and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 07.29.03:
http://www.idefense.com/advisory/07.29.03.txt
Buffer Overflow in Sun Solaris Runtime Linker
July 29, 2003
I. BACKGROUND
The Solaris runtime linker, ld.so.1(1), processes dynamic executables
and shared objects at r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 07.11.03:
http://www.idefense.com/advisory/07.11.03.txt
Win32 Message Vulnerabilities Redux
July 11, 2003
About one year ago, Chris Paget published a pair of papers that
described fundamental flaws in the way the Microsoft C
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 07.01.03:
http://www.idefense.com/advisory/07.01.03.txt
Caché Insecure Installation File and Directory Permissions
July 1, 2003
I. BACKGROUND
InterSystems Corp.s Caché is a post-relational database for
e-applications that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 06.16.03:
http://www.idefense.com/advisory/06.16.03.txt
Linux-PAM getlogin() Spoofing Vulnerability
June 16, 2003
I. BACKGROUND
The Pluggable Authentication Module (PAM) is a flexible mechanism for
authenticating users. Mor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 06.11.03:
http://www.idefense.com/advisory/06.11.03.txt
Denial of Service Vulnerability in SMC Networks' Barricade Wireless
Router
June 11, 2003
I. BACKGROUND
SMC Networks' Barricade Wireless Cable/DSL Broadband Router, ver
//httpd.apache.org/download.cgi .
VII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has assigned the identification number CAN-2003-0245 to this issue.
VIII. DISCLOSURE TIMELINE
03/19/2003 Issue disclosed to iDEFENSE
04/08/2003 iDEFENS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 04.08.03:
http://www.idefense.com/advisory/04.08.03.txt
Denial of Service in Apache HTTP Server 2.x
April 8, 2003
I. BACKGROUND
The Apache Software Foundation's HTTP Server Project is an effort to
develop and maintain an op
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 03.31.03:
http://www.idefense.com/advisory/03.31.03.txt
Buffer Overflow in Windows QuickTime Player
March 31, 2003
I. BACKGROUND
QuickTime Player is a popular media player for both the Microsoft Windows
and Apple Mac platfo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 03.04.03:
http://www.idefense.com/advisory/03.04.03.txt
Locally Exploitable Buffer Overflow in file(1)
March 4, 2003
I. BACKGROUND
file(1) is an application that utilizes a magic file (typically located in
/usr/share/magic)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 02.27.03:
http://www.idefense.com/advisory/02.27.03.txt
TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsing
February 27, 2003
I. BACKGROUND
TCPDUMP is a widely used network debugging tool that prints out the
h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 02.12.03:
http://www.idefense.com/advisory/02.12.03.txt
Buffer Overflow in AIX libIM.a
February 12, 2003
I. BACKGROUND
Advanced Interactive eXecutive (AIX) is IBM Corp.'s Unix operating system
implementation, native to pSer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 02.10.03:
http://www.idefense.com/advisory/02.10.03.txt
Buffer Overflow In NOD32 Antivirus Software for Unix
February 10, 2003
I. BACKGROUND
Eset Software's NOD32 Antivirus System is a cross-platform anti-virus
application.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
http://www.idefense.com/advisory/01.21.03.txt
January 21, 2003
I. BACKGROUND
MandrakeSoft Inc.'s Mandrake Linux includes the printer-drivers package in
mo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 12.23.02:
http://www.idefense.com/advisory/12.23.02.txt
Integer Overflow in pdftops
December 23, 2002
Reference Advisory: http://www.idefense.com/advisory/12.19.02.txt
[Multiple Security Vulnerabilities in Common Unix Print
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 12.19.02:
http://www.idefense.com/advisory/12.19.02.txt
Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
December 19, 2002
I. BACKGROUND
Easy Software Products' Common Unix Printing System (CUPS) is
27 matches
Mail list logo