Domain: security-protocols.com
Stories and comments across the archive that link to security-protocols.com.
Comments · 39
-
The backdoor from hell
So how long should we count down until someone embeds the backdoor from hell in not only Linux, but Solaris, then the BSDs... As an FYI... I've got a functional backdoor-worm for Free and Open
... Just makes no sense to even post it. Many don't even get what I mean when I state "there is a world of pain coming your way if you do that" ... Mark the calendars, I give it about 9 months before something ala SOBig/Blaster hits the *nix scene... -
Re:What purpose?
I'm surprised people still take this guy seriously. He's _not_ a security researcher, in fact a browsing of the bugzilla archives will uncover lots of "bug reports" and "vulnerabilities" that are simply wrong. Check this out (won't work from slashdot, copy and paste into a new tab/window):
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=303433
Read through it and you'll see the guy is a complete hack. He even issued an advisory when he didn't even understand the kind of overflow. ... posting from work so I'm AC for now ... -
Re:Heh.
Here, we call it slashvertisements. I dunno about MSNBC.
Bill has one hell of a homepage: http://www.information-about.org/
And, the security expert(:?s)? at http://www.security-protocols.com/about-us.php are surely up on the game.
I guess it's just as stupid as me paying to post here. -
OSX BOM ArchiveHelper Heap Overflow (reported 2/21
Apple OS X BOM ArchiveHelper
.zip Heap Overflow
Release Date:
April 19th, 2006
Severity:
Medium
Vendor:
Apple
Versions Affected:
Apple OS X 10.4.6 and prior
BomArchiveHelper 10.4 (6.3) Build 312
Overview:
BOMArchiveHelper is the default archive file handler in Mac OS X. It runs as a service that does not have a GUI interface. It is invoked when double clicking on an archived file. A heap overflow vulnerability exists within BOMArchiveHelper which allows for an attacker to cause the application to crash, and/or to execute arbitrary code on a targeted host.
Technical Details:
When decompressing a specially crafted .zip file, the BOMStackPop () function incorrectly parses the malformed data and causes the application to crash with a segmentation fault.
Below, the crash is triggered on OS X (PPC) 10.4.6 within gdb:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x756e8897
[Switching to process 411 thread 0x3a03]
0x94498c14 in BOMStackPop ()
(gdb) bt
#0 0x94498c14 in BOMStackPop ()
#1 0x944994e4 in _copyDir ()
#2 0x944ab8fc in _copyFromPKZip ()
#3 0x94499060 in _copyDir ()
#4 0x944ab8fc in _copyFromPKZip ()
#5 0x944aa1ac in _BOMCopierCopyFromPKZip ()
#6 0x9449f270 in BOMCopierCopyWithOptions ()
#7 0x0000c8cc in ?? ()
#8 0x0000c1a0 in ?? ()
#9 0x00007360 in ?? ()
#10 0x00005938 in ?? ()
#11 0x928d46d4 in forkThreadForFunction ()
#12 0x9002b200 in _pthread_body ()
(gdb) disas BOMStackPop
Dump of assembler code for function BOMStackPop:
0x94498c08 : mr. r3,r3
0x94498c0c : li r11,0
0x94498c10 : beq- 0x94498c3c
0x94498c14 : lwz r2,8(r3)
0x94498c18 : cmpwi cr7,r2,0
0x94498c1c : ble- cr7,0x94498c3c
0x94498c20 : addi r2,r2,-1
0x94498c24 : lwz r9,0(r3)
0x94498c28 : li r0,0
0x94498c2c : stw r2,8(r3)
0x94498c30 : rlwinm r2,r2,2,0,29
0x94498c34 : lwzx r11,r2,r9
0x94498c38 : stwx r0,r2,r9
0x94498c3c : mr r3,r11
0x94498c40 : blr
End of assembler dump.
Solution:
This vulnerability was reported to Apple on 2/21/2006. No patch is available at this time.
Discovered by:
Tom Ferris
tommy[at]security-protocols[dot]com
Related Links:
http://www.security-protocols.com/poc/sp-x25.zip
http://www.security-protocols.com/sp-x25-advisory.php
http://www.apple.com/macosx/
Copyright (c) 2006 Security-Protocols.com -
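A C model of BOMStackPop() reconstructed here from the PPC disassembly in the advisory above. This is an added example, not Apple's code and not part of the advisory; the field offsets come from the lwz/stw operands in the dump, while the capacity field, the push routine and the checked variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor layout inferred from the load/store offsets in the dump:
 * items at +0 (lwz r9,0(r3)), count at +8 (lwz/stw r2,8(r3)). The word at
 * +4 is never touched by the pop; treating it as a capacity is an assumption
 * made here so that a bounds check can be demonstrated. */
typedef struct {
    void   **items;
    int32_t  capacity;   /* assumed meaning of the untouched word at +4 */
    int32_t  count;
} BOMStack;

/* Instruction-by-instruction model of BOMStackPop() from the disassembly. */
void *bom_stack_pop(BOMStack *s)
{
    void *result = NULL;             /* li r11,0                          */
    if (s == NULL)                   /* mr. r3,r3 ; beq- 0x94498c3c       */
        return result;
    int32_t n = s->count;            /* lwz r2,8(r3)   <- the fault site  */
    if (n <= 0)                      /* cmpwi cr7,r2,0 ; ble- cr7,...     */
        return result;
    n -= 1;                          /* addi r2,r2,-1                     */
    s->count = n;                    /* stw r2,8(r3)                      */
    result = s->items[n];            /* rlwinm r2,r2,2,0,29 ; lwzx r11    */
    s->items[n] = NULL;              /* li r0,0 ; stwx r0,r2,r9           */
    return result;                   /* mr r3,r11 ; blr                   */
}

/* Minimal push so the model can be exercised; not derived from the dump. */
int bom_stack_push(BOMStack *s, void *item)
{
    if (s == NULL || s->items == NULL || s->count < 0 || s->count >= s->capacity)
        return -1;
    s->items[s->count++] = item;
    return 0;
}

/* What the original does NOT check. lwz r2,8(r3) faulted at 0x756e8897, so
 * r3 was 0x756e888f: the descriptor pointer itself had been overwritten
 * before the call, and no check inside pop can recover from that. A
 * count/capacity consistency check does at least catch a corrupted length
 * field. Returns 1 = item popped, 0 = empty, -1 = descriptor rejected. */
int bom_stack_pop_checked(BOMStack *s, void **out)
{
    *out = NULL;
    if (s == NULL || s->items == NULL)
        return -1;
    if (s->count < 0 || s->capacity <= 0 || s->count > s->capacity)
        return -1;
    if (s->count == 0)
        return 0;
    *out = bom_stack_pop(s);
    return 1;
}

/* Exercises the model; returns 1 when every expectation holds. */
int bom_stack_selftest(void)
{
    void *slots[3] = {0};
    BOMStack st = { slots, 3, 0 };
    int a = 1, b = 2;
    void *v = NULL;
    if (bom_stack_push(&st, &a) != 0 || bom_stack_push(&st, &b) != 0) return 0;
    if (bom_stack_pop(&st) != &b || st.count != 1 || slots[1] != NULL) return 0;
    if (bom_stack_pop(&st) != &a || bom_stack_pop(&st) != NULL) return 0;
    if (bom_stack_pop(NULL) != NULL) return 0;
    st.count = 0x756e8897;           /* constructed: corrupted count field */
    if (bom_stack_pop_checked(&st, &v) != -1) return 0;
    st.count = 0;
    return bom_stack_pop_checked(&st, &v) == 0 && v == NULL;
}

int main(void)
{
    printf("BOMStackPop model self-test: %s\n", bom_stack_selftest() ? "ok" : "FAIL");
    return 0;
}
```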
MULTIPLE CRITICAL OSX VUL:NS
This has not been accepted as a story, and is of critical importance to OSX users. From SANS' incidents.org page:
Reports of multiple OS X vulnerabilities with PoC (NEW)
Published: 2006-04-21,
Last Updated: 2006-04-21 19:46:40 UTC by Adrien de Beaupre (Version: 1)
Multiple vulnerabilities have been reported in Apple Mac OS X and applications. Proof of Concept code has already been posted along with the information regarding the vulnerabilities. At this time no patches or workarounds appear to be available for the majority of the vulnerabilities. The impact is Denial of Service or arbitrary code executed remotely, and severity is highly critical.
Links to advisories:
Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow
http://www.security-protocols.com/sp-x24-advisory.php
Apple OS X BOM ArchiveHelper .zip Heap Overflow
http://www.security-protocols.com/sp-x25-advisory.php
Apple OS X Safari 2.0.3 Multiple Vulnerabilities
http://www.security-protocols.com/sp-x26-advisory.php
Apple OS X 10.4.6 "ReadBMP ()" .bmp Heap Overflow
http://www.security-protocols.com/sp-x27-advisory.php
Apple OS X 10.4.6 "CFAllocatorAllocate ()" .gif Heap Overflow
http://www.security-protocols.com/sp-x28-advisory.php
Apple OS X 10.4.6 .tiff "_cg_TIFFSetField ()" DoS
http://www.security-protocols.com/sp-x29-advisory.php
Apple OS X 10.4.6 .tiff "PredictorVSetField ()" Heap Overflow
http://www.security-protocols.com/sp-x30-advisory.php
Mod this up as a public service. -
IM Logic withholds details of Santa Claus worm, un
Please read this post regarding IM Logic: http://security-protocols.com/modules.php?name=News&file=article&sid=3135
"IM Logic withholds details of Santa Claus worm, unless you're a customer
On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients. See advisory for details, or lack thereof. You will need to search for IM.GiftCom.All at http://www.imlogic.com/im_threat_center/index.asp
If you have been looking for more details on the IM.GiftCom.All threat you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer. IM Logic did not publicly release any actionable information that would help the community at large. Not because they don't have the details, but because they only share that with paying customers, according to Tim Johnson, the Director of IM Logic's threat center. Mr. Johnson also said that "this is not unethical" and he doesn't see what all the fuss is about. All you have to do is buy the company's product and you will be protected. Johnson did mention that they have a process they follow. They first create the signatures for their products, and then they notify all the affected vendors. Don't worry; the vendors will fix it ASAP. Then they tell the antivirus vendors about what they know. Hopefully they can detect and stop any current infections, if not... you're screwed. Then you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can tell if a hacker has a rootkit loaded in your environment. Oh wait, darn it, I almost forgot, according to the official advisory, antivirus vendors can't detect Santa Claus; apparently Santa can put your antivirus to sleep.
I always thought Santa knew if you were sleeping, not able to put you to sleep; but I digress. So what is the world and security community supposed to do? Well according to IM Logic, pay them the money and they will take care of it for you. Hmm, I wonder where else we find this type of behavior. Hold on guys, Toni the Bull is at my back door, brb, need 2 make my "insurance payment" AFK.... Back, sorry it took so long. I just hurt my knee; I was short on my "insurance payment" this month. Anyway, haven't we been down this road before? Security companies should follow the same procedures that ethical and responsible researchers follow when disclosing vulnerabilities. Most companies are responsible, those that aren't... should we reward them by purchase order? Not this security guy." -
Firefox's Security
Firefox is still nowhere near as secure as it should be for the mainstream. Remember the IDN flaw which affected everything? This flaw still hasn't been fixed either: http://security-protocols.com/advisory/sp-x19-advisory.txt/ -
Warning
There is a new crashing bug in Deer Park Firefox, but not in Firefox 1.0.x. There is no patch either! Disabling IDN or using the latest nightlies doesn't stop it from crashing. It's being reported by Tom Ferris again and he has a test page here.
-
Ferris
Here's the link to Ferris's site's article on this: Ferris vuln report
Also, that page apparently has some (quite simple) test code "linked" to here: vuln test code
I must say, I don't appreciate having to scramble because he wanted some notoriety. 2 days from notify to disclose? Greetz indeed.
Ferris -1, Jerk -
Re:Done and...
Another thing that annoys me about this is the coverage of this flaw seems to indicate that this was unpatched for a while. This one is an example http://www.securityfocus.com/news/11308. Yet the original discovery was 9/4/2005 according to Tom Ferris' website http://www.security-protocols.com/advisory/sp-x17-advisory.txt
This bug was found and a work around was provided 6 days later. Is this unreasonable? If a patch were provided a week from now, would that be unreasonable?
I think that full disclosure is good, but giving a reasonable amount of time to patch a flaw is better. If we find out that Tom Ferris provided a patch to Mozilla that they ignored or rejected, then it changes things little, but releasing the vulnerability after 5 days due to a "run-in with Mozilla staff" http://news.com.com/Unpatched+Firefox+flaw+may+expose+users/2100-1002_3-5856201.html does not portray Tom Ferris in a good light. -
Has anyone reproduced this problem?
I set up a URL like the one shown in the advisory and, regardless of whether I paste it into the URL bar or click it in a webpage, Firefox changes the link to "keyword:---[...]" and takes me to a page that explains the operation of the Google "I Feel Lucky" function. I was expecting the browser to crash....
This is Firefox 1.0.6 under SuSE 9.2 (patched). -
Security-protocols removed article's comments
I made a comment in the Security-protocols article. But some time later, they removed all comments. This is really strange.
-
Re:Proof of concept
Real proof of concept.
Works on Deer Park Beta 1/Windows XP -
Re:using extensions against exploits
-
Re:Nope - not on my v1.06 Firefox
Try this. As mentioned above, you're probably using the wrong hyphen character.
-
Re:Proof of concept
You are going to the advisory site. It has text describing the html code, not the html code itself. A link to the actual exploit code was posted below by AC. It is here
-
Re:So what should I do?
If I click here (it's a proof-of-concept page) my browser crashes. But I'm using Mozilla 1.7.11.
-
No no no
There seems to be some confusion about the POC and this exploit. The problem doesn't lie in actually clicking the link, the problem lies in the fact that the link actually exists on the page. Does opening this page not crash your browser? _Then_ you can say the exploit doesn't work.
-
Re:Nope - not on my v1.06 Firefox
The advisory isn't talking about "U+002D HYPHEN-MINUS". Try the sample exploit. Freezes Firefox and Epiphany cold here.
$ GET www.security-protocols.com/firefox-death.html | xxd
0000000: 3c41 2048 5245 463d 6874 7470 733a adad <A HREF=https:..
0000010: adad adad adad adad adad adad adad adad ................
0000020: adad adad adad adad adad adad adad adad ................
0000030: adad adad adad adad adad 203e 0a .......... >.
Assuming the document is UTF-8 (no way of telling for sure), we can look up 0xad in gucharmap and so realise that the character that triggers the bug is really "U+00AD SOFT HYPHEN".
So you are a victim of loss of information caused by the incorrect encoding of the advisory into ASCII. :) -
Re:Nope - not on my v1.06 Firefox
Just pasting into the address bar doesn't do it. Try this link from his advisory:
http://www.security-protocols.com/firefox-death.html -
MOD PARENT UP
The exploit no longer works with that workaround enabled.
-
what a whiny runt.
I mean I looked at the official disclosure from him (http://www.security-protocols.com/advisory/sp-x17-advisory.txt)
and basically he acts like 4 days is all he needs to wait.. and apparently Mozilla isn't doing enough for this?
Mozilla isn't Microsoft or Cisco in two categories.
A. They aren't ultra large corporations that can fix stuff in an instant.
B. They don't ignore problems, especially like this. They're likely working as fast as they can and they are willing to admit fuckups, but they want to have a fix for the fuck up first.
We don't need everyone running around thinking that EVERY company conducts business the same way that Cisco does... How all of them are part of a conspiracy. Firefox is getting known in the industry to be basically good at avoiding problems other browsers have and fixing major bugs.
By having a guy run around like this after only 4 days (notice the dates in that link) it can only cause a higher likelihood that someone will use that find maliciously and Firefox will get blamed for it when it's really the disclosure that's the problem.
The fact is those of us who find these bugs need to give the company time to react, we don't need to act like they don't care. 4 days is hardly enough unless he got back a letter that said screw you, which it doesn't sound like he did. Giving Full Disclosure the first time you hear about a problem, just creates a bigger problem because now more people will learn of the problem.
And there's a definite difference between waiting a couple months like the Cisco incident where the company was being forced into an uncomfortable position and waiting less than a full week with apparently no provocation. -
For all those that can't reproduce
Take 2 seconds to check out his proof of concept:
http://www.security-protocols.com/firefox-death.html
WARNING: Clicking the above link will crash Firefox. It will do nothing else. The hyphens are not normal minus hyphens (the - symbol on your American keyboard translates to 0x2d) but soft hyphens (0xad). -
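An added example, not from the advisory or from any commenter here, serving both the xxd dump a few comments up and the 0x2d/0xad point in this one: a scanner that pulls the host out of an href and classifies its hyphen-like bytes, distinguishing ASCII 0x2D from U+00AD SOFT HYPHEN, which is a lone 0xAD byte in Latin-1 (as the dump shows it) and the pair C2 AD in UTF-8. The HTML sample is constructed to mirror the dump; the function names and the minimal href parsing are my own.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

typedef struct {
    size_t ascii_hyphens;   /* U+002D HYPHEN-MINUS, byte 0x2D                 */
    size_t soft_latin1;     /* U+00AD SOFT HYPHEN as a lone Latin-1 byte 0xAD */
    size_t soft_utf8;       /* U+00AD SOFT HYPHEN as UTF-8 bytes C2 AD        */
    size_t other_nonascii;  /* anything else >= 0x80                          */
} HostScan;

/* Classify every byte of a host name into the buckets above. */
void scan_host(const unsigned char *host, size_t n, HostScan *out)
{
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = host[i];
        if (c == 0x2D) {
            out->ascii_hyphens++;
        } else if (c == 0xC2 && i + 1 < n && host[i + 1] == 0xAD) {
            out->soft_utf8++;
            i++;                            /* second byte of the pair */
        } else if (c == 0xAD) {
            out->soft_latin1++;
        } else if (c >= 0x80) {
            out->other_nonascii++;
        }
    }
}

/* A host that is not pure ASCII deserves a look: what renders like "-"
 * may be an invisible formatting character that a copy to ASCII drops. */
int host_is_suspicious(const HostScan *s)
{
    return (s->soft_latin1 + s->soft_utf8 + s->other_nonascii) > 0;
}

/* Host of the first href= in an HTML buffer: name matched case-insensitively,
 * quotes optional, "//" optional (the dump has none). Returns the host
 * length and points *host at it; 0 when no href is found. */
size_t find_href_host(const unsigned char *buf, size_t len, const unsigned char **host)
{
    *host = NULL;
    for (size_t i = 0; i + 5 <= len; i++) {
        if (strncasecmp((const char *)buf + i, "href=", 5) != 0)
            continue;
        size_t p = i + 5;
        if (p < len && (buf[p] == '"' || buf[p] == '\'')) p++;
        size_t q = p;                       /* skip "scheme:" and "//" */
        while (q < len && buf[q] != ':' && buf[q] != '/' && buf[q] != ' ' && buf[q] != '>')
            q++;
        if (q < len && buf[q] == ':') {
            p = q + 1;
            if (p + 1 < len && buf[p] == '/' && buf[p + 1] == '/') p += 2;
        }
        size_t start = p;
        while (p < len && buf[p] != '/' && buf[p] != ' ' && buf[p] != '>' &&
               buf[p] != '"' && buf[p] != '\'' && buf[p] != '\n')
            p++;
        *host = buf + start;
        return p - start;
    }
    return 0;
}
/* Convenience: scan the first href's host. Returns its length (0 = none). */
size_t classify_first_href(const unsigned char *buf, size_t len, HostScan *out)
{
    const unsigned char *host;
    size_t n = find_href_host(buf, len, &host);
    scan_host(host, n, out);
    return n;
}
/* Constructed sample mirroring the xxd dump: "<A HREF=https:" followed by
 * 44 raw 0xAD bytes, then " >\n" (61 bytes in total). */
size_t build_sample_latin1(unsigned char *out, size_t cap)
{
    static const char head[] = "<A HREF=https:", tail[] = " >\n";
    size_t h = sizeof head - 1, t = sizeof tail - 1, n = h + 44 + t;
    if (cap < n) return 0;
    memcpy(out, head, h);
    memset(out + h, 0xAD, 44);
    memcpy(out + h + 44, tail, t);
    return n;
}
```

Feeding the constructed sample to classify_first_href reports 44 Latin-1 soft hyphens and no ASCII hyphens, which is exactly the information an ASCII-only copy of the advisory discards.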
Re:Proof of concept
Here is the URL for your trying
:) http://www.security-protocols.com/firefox-death.html -
Re:1.5 safe?
I don't understand. Is 1.5 safe?
I'd say RTFA, but this is Slashdot after all...If you had read the article you would have found a link to the advisory which clearly states the following:
Vendor:
Mozilla
Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
Overview:
A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host. -
Re:Proof of concept
Unfortunately (?), Slashdot autorepairs the URL in a way which defeats the attack. But you can still see an example of it at his website.
-
exploits?
The bug depended on the host name being all ---
It will be hard to craft some exploit code using only the - character.
It may DOS and cause instability; as for those "but, open source should be proof against this" nay-sayers, I'm pretty certain from the advisory that this could only be properly discovered because the source was available.
hmmmm, maybe if you can trick users to click on bad links a few times it might cause heap corruption and crashing; maybe if you get them to download the right page a few times to pre-load the heap, and then a few ----- might cause the browser to execute from the heap,
A look at the source will show the consequences of this and show what sort of pathway there is to arbitrary code execution. I guess it could be exploitable...
Sam -
Wait 'til they fix this, then download...Most likely will be a separate story in the Near Future, but worth posting now...
Security-protocols.com issued an advisory for a Critical buffer-overflow problem. I was unable to reproduce it with the links they provided, however.
Assuming this is confirmed as a problem, wait 'til they fix it, then download the secured version. All versions of Firefox are affected.
-
Re:Hardware Firewall
Screenshot of the POC crashing a VMWare host.
I think the PuTTy window and the Windows desktop icons on the owner's screenshot are too funny. fux0r.phathookups.com? LOL. Hackerfucker? LOL! Tom 't0mmy' Ferris, you're my hero! -
Here's more problems...
A SecurityFocus article with many other ideas and a complete web site about google hacking. Happy searching
:)