Sunday, January 24, 2010

Moving - http://www.unsecurityresearch.com

http://www.unsecurityresearch.com will be the new home for security research updates.

Please refer there for all my future advisories and work.

Monday, December 21, 2009

Research updated

The cumulative list of vulnerabilities I've discovered was updated today.
For a full list refer to: http://unsecurityresearch.blogspot.com/2009/02/advisories-upcoming.html

New items are:
Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 1/2010
(Best discovery yet)

Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 12-20-09 

Vendor: Novell
Severity: High
Type: Remote
Status: ZDI-CAN-680
Discovered: 12-04-09

Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-19-09

Monday, June 1, 2009

Research - Discarded

This section will list potential vulnerabilities that I have discarded.If reporting them to the vendor is easy then you I'll wait for their response before posting.

Firefox - bug 492779
PL_Base64Decode integer overflow
Code changes made: here and here

Looked very promising at first. A common library routine used in many places with a straight forward integer overflow, caused because it multiplied before dividing..Exploitation also looked promising since we could control the amount to overflow the buffer with by using invalid base64 characters to make the decode no-op.

Reason for discarding:
Was unable to trigger it.

Saturday, February 28, 2009

Advisories - Published

Vendor: Novell
Severity: High
Type: Remote vulnerability
Published: ZDI-10-001
Discovered: 02-09
Comments: Interesting that Novell patches the vulnerability and releases patch but advisory is not published until several months later. I wonder if many vendors do this.

Vendor: Sun
Product: Solaris - w(1)
Severity: Medium
Published: Sun Alert
Sun Bug: 6821298
Notes: I respect Sun alot, so no further details provided.

Vendor: IBM
Product: AIX
Severity: Medium
Type: Local privilege escalation
Notes: Three privilege escalations found, Two published

muxatmd buffer overflow
4-15-09 iDefense
Bugtraq ID: 34543

libc arbitrary file overwrite
5-20-09 iDefense
Bugtraq ID: 35034
This is also the first bug I have ever sold, was a rather eye-opening experience.
I really would have expected more from developers working on libc.


My research is published giving credit to: 1c239c43f521145fa8385d64a9c32243
(Except my very first few)

Advisories - Upcoming

Update: http://www.unsecurityresearch.com
Will be the new home for all my security research updates. Please refer there for all my future work and advisories.  The list below is being left but will not be updated.  1-24-2010


Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 1/2010

Vendor: Novell
Severity: Low
Type: Remote
Status: Under review
Discovered: Several months ago, did not submit to ZDI until now since it may have overlapped with previous discovery

Vendor: Oracle
Severity: High
Type: Remote
Status: Under review
Discovered: 12-20-09 

Vendor: Novell
Severity: High
Type: Remote
Status: ZDI-CAN-680
Discovered: 12-04-09

Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-19-09
 
Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: ZDI-CAN-622
Discovered: 9-16-09

Vendor: Novell
Severity: High
Type: Remote vulnerability
Status: Sold ZDI-CAN-607
Discovered: 8-12-09

Vendor: Novell
Severity: Medium
Type: Remote vulnerability (Post-Auth)
Status: Sold ZDI-CAN-572
Discovered: Can't remember..

Vendor: Novell
Severity: Low
Type: Remote vulnerability
Status: Sold ZDI-CAN-477
Discovered: 2-29-09

Vendor: IBM
Severity: Medium
Type: Local privilege escalation
2 published, 4-15-09 iDefense, 5-20-09 iDefense
1 unpublished

Vendor: Sun
Severity: Medium
Status: Reported to Sun - Sun bugs 6821298, 6821299
6821298 - Fixed - Sun Alert


Vendor: Novell
Severity: Low
Status: Sold - ZDI-CAN-440, ZDI-CAN-445
Discovered: 02-09


If you would like to fund research into a particular application, contact me.
If you would like to purchase anything listed as For Sale, contact me