Vendor: Novell
Severity: High
Type: Remote vulnerability
Published: ZDI-10-001
Discovered: 02-09
Comments: Interesting that Novell patches the vulnerability and releases patch but advisory is not published until several months later. I wonder if many vendors do this.
Vendor: Sun
Product: Solaris - w(1)
Severity: Medium
Published: Sun Alert
Sun Bug: 6821298
Notes: I respect Sun alot, so no further details provided.
Vendor: IBM
Product: AIX
Severity: Medium
Type: Local privilege escalation
Notes: Three privilege escalations found, Two published
muxatmd buffer overflow
4-15-09 iDefense
Bugtraq ID: 34543
libc arbitrary file overwrite
5-20-09 iDefense
Bugtraq ID: 35034
This is also the first bug I have ever sold, was a rather eye-opening experience.
I really would have expected more from developers working on libc.
My research is published giving credit to: 1c239c43f521145fa8385d64a9c32243
(Except my very first few)
Saturday, February 28, 2009
Advisories - Upcoming
Update: http://www.unsecurityresearch.com
Will be the new home for all my security research updates. Please refer there for all my future work and advisories. The list below is being left but will not be updated. 1-24-2010
Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 1/2010
Vendor: Novell
Severity: Low
Type: Remote
Status: Under review
Discovered: Several months ago, did not submit to ZDI until now since it may have overlapped with previous discovery
Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 12-20-09
Vendor: Novell
Severity: High
Type: Remote
Status: ZDI-CAN-680
Discovered: 12-04-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-19-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-16-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: Sold ZDI-CAN-607
Discovered: 8-12-09
Vendor: Novell
Severity: Medium
Type: Remote vulnerability (Post-Auth)
Status: Sold ZDI-CAN-572
Discovered: Can't remember..
Vendor: Novell
Severity: Low
Type: Remote vulnerability
Status: Sold ZDI-CAN-477
Discovered: 2-29-09
Vendor: IBM
Severity: Medium
Type: Local privilege escalation
2 published, 4-15-09 iDefense, 5-20-09 iDefense
1 unpublished
Vendor: Sun
Severity: Medium
Status: Reported to Sun - Sun bugs 6821298, 6821299
6821298 - Fixed - Sun Alert
Vendor: Novell
Severity: Low
Status: Sold - ZDI-CAN-440, ZDI-CAN-445
Discovered: 02-09
If you would like to fund research into a particular application, contact me.
If you would like to purchase anything listed as For Sale, contact me
Will be the new home for all my security research updates. Please refer there for all my future work and advisories. The list below is being left but will not be updated. 1-24-2010
Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 1/2010
Vendor: Novell
Severity: Low
Type: Remote
Status: Under review
Discovered: Several months ago, did not submit to ZDI until now since it may have overlapped with previous discovery
Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 12-20-09
Vendor: Novell
Severity: High
Type: Remote
Status: ZDI-CAN-680
Discovered: 12-04-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-19-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-16-09
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: Sold ZDI-CAN-607
Discovered: 8-12-09
Vendor: Novell
Severity: Medium
Type: Remote vulnerability (Post-Auth)
Status: Sold ZDI-CAN-572
Discovered: Can't remember..
Vendor: Novell
Severity: Low
Type: Remote vulnerability
Status: Sold ZDI-CAN-477
Discovered: 2-29-09
Vendor: IBM
Severity: Medium
Type: Local privilege escalation
2 published, 4-15-09 iDefense, 5-20-09 iDefense
1 unpublished
Vendor: Sun
Severity: Medium
Status: Reported to Sun - Sun bugs 6821298, 6821299
6821298 - Fixed - Sun Alert
Vendor: Novell
Severity: Low
Status: Sold - ZDI-CAN-440, ZDI-CAN-445
Discovered: 02-09
If you would like to fund research into a particular application, contact me.
If you would like to purchase anything listed as For Sale, contact me
Subscribe to:
Posts (Atom)