You mean the same guys who brought this? http://pastebin.com/XHyE9UJx
Broken English, email address with capital letters. I'm extremely
skeptical.
On 04/25/14 14:18, Dillon Korman wrote:
Saw a link to this:
http://pastebin.com/qPxR9BRv
There is no actual exploit code in there since they ins
Correction, the second one isn't a format string vulnerability at all.
Don't know what I was thinking there - my bad.
On Sun, 2014-04-13 at 20:00 -0400, Peter Malone wrote:
> Hi there,
>
> Lets take a look at two functions in courier-imap 4.15. The first one is
> emptytrash
Hi there,
Lets take a look at two functions in courier-imap 4.15. The first one is
emptytrash(), and the second one is store_mailbox().
void emptytrash()
{
char*dir, *all_settings, *next_folder, *folder, *p;
unsigned l;
all_settings=getenv("IMAP_EMPTYTRASH");
Unless I'm mistaken, the following memcmp is vulnerable to a remote
timing attack.
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1974
static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
{
if (a->ssl_version != b->ssl_version)
return(1);
if (a->se
This code is horrible.
https://github.com/openssl/openssl/blob/master/ssl/t1_lib.c#L2893
/* Determine if we need to see RI. Strictly speaking if we want to
* avoid an attack we should *always* see RI even on initial server
* hello because the client doesn't see any renegotiation during an
* atta
Agreed. Thank you Fyodor!
On Thu, 2014-03-27 at 00:27 +0100, Security @ Planetkips wrote:
> What xyberpix says, thank you Fyodor
>
> Verstuurd vanaf mijn iPad
>
> > Op 26 mrt. 2014 om 19:55 heeft xyberpix het
> > volgende geschreven:
> >
> > Hey all,
> >
> > This is way OT, I know, but I t