| census ID: | census-2009-0004 |
| Affected Products: | Monkey web server versions ≤ 0.9.2. |
| Class: | Improper Input Validation (CWE-20), Incorrect Calculation (CWE-682) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
We have discovered a remotely exploitable “improper input validation” vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.
read more...
census participated in the free/open source event held last month (Friday 23rd of October) at the Hellenic Air Force Academy (Σχολή Ικάρων).
Our talk presented an overview of the available free/open source software that can be used to build complete security solutions for public offices and infrastructure. Furthermore, we analysed recorded cyberwarfare incidents and how the open source model can aid in establishing robust defenses. The slides from our presentation are available here (in Greek).
We would like to cordially thank Professor Antonios Andreatos for inviting us to the event and for his organisational efforts.
| census ID: | census-2009-0003 |
| CVE ID: | CVE-2009-3586 |
| Affected Products: | CoreHTTP web server versions ≤ 0.5.3.1. |
| Class: | Improper Input Validation (CWE-20), Failure to Constrain Operations within the Bounds of a Memory Buffer (CWE-119) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
We have discovered a remotely exploitable “improper input validation” vulnerability in the CoreHTTP web server that leads to an off-by-one stack buffer overflow. The vulnerability can lead to denial of service attacks against the web server and potentially to the remote execution of arbitrary code with the privileges of the user running the server.
read more...
| census ID: | census-2009-0005 |
| Affected Products: | Linux kernel versions from 2.6.32 to 2.6.32-rc7. |
| Class: | Off-by-two stack buffer overflow. |
| Discovered by: | Patroklos Argyroudis |
We have found an off-by-two stack buffer overflow in the Linux kernel SUNRPC implementation. Linux kernel versions from 2.6.32 to 2.6.32-rc7 are affected.
read more...
Yesterday I helped my friend
kargig to analyse a rootkit he has recovered from a compromised Linux system. You can find the complete write-up at his
blog.
About four months ago I developed a reliable exploit for vulnerability
CVE-2008-3531, which is also addressed in the advisory
FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits.
CVE-2008-3531 is a kernel stack overflow vulnerability that affects FreeBSD versions 7.0-RELEASE and 7.0-STABLE, but not 7.1-RELEASE nor 7.1-STABLE as the CVE entry seems to suggest.
read more...
The slides from our secure programming in C talk at the 4th Greek Free/Open Source Developer Conference are now available
at the research section.
census will be participating in the
4th Greek Free/Open Source Developer
Conference organized by EL/LAK in
Athens, Greece on the 19th and 20th of June!
Our talk on Saturday will focus on security issues that manifest during software development
using the C programming language. Although there has been extensive coverage of
this topic in the past, our presentation will provide an up-to-date analysis
of programming bugs that potentially lead to security issues.
During the lunch break on Saturday there will also be a PGP/CACert key signing party.
See here for more details (in Greek).
We hope to see you there!
| census ID: | census-2009-0002 |
| CVE ID: | CVE-2009-1760 |
| Affected Products: | Any application that uses the Rasterbar Software libtorrent library (versions ≤ 0.14.3) for BitTorrent file downloads. |
| Class: | Relative Path Traversal (CWE-23), Improper Handling of Syntactically Invalid Structure (CWE-228) |
| Remote: | Yes |
| Discovered by: | Dimitris Glynos |
We have discovered an “arbitrary file overwrite” vulnerability in libtorrent that allows an
attacker to create and modify arbitrary files (and directories) in remote systems, with the effective rights of the user executing the vulnerable libtorrent-based application.
read more...
Last May (2008/05/30) I presented my research on FreeBSD kernel stack overflows at the University of Piraeus Software Libre Society, Event #16: Computer Security. The slides from the talk are now available in our research section.
read more...
