[FD] Flash: Local SWF files can leak arbitrary local files to the internet

Summary: Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet. So

[FD] CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream

In Android <5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0 with this commit: This means that when

Re: [FD] CVE request: remote code execution in Android CTS

On Sun, Oct 19, 2014 at 07:28:33PM +1000, Lord Tuskington wrote: > CTS parses api-coverage.xsl without providing the FEATURE_SECURE_PROCESSING > option. See lines 60-67 of > cts/tools/cts-api-coverage/src/com/android/cts/apicoverage/HtmlReport.java: > > InputStream xsl = > CtsApiCoverage.class.get

[FD] OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux

OpenSSH lets you grant SFTP access to users without allowing full command execution using "ForceCommand internal-sftp". However, if you misconfigure the server and don't use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to - including procfs. On mod

Re: [FD] Legitimacy of new Heartbleed exploit?

On Fri, Apr 25, 2014 at 08:18:04AM -1000, Dillon Korman wrote: > Saw a link to this: > http://pastebin.com/qPxR9BRv > > Do you think there really is a working exploit on new versions of OpenSSL? It's bullshit. They say: 'A missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBE

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

On Wed, Apr 09, 2014 at 09:59:59PM -0400, Peter Malone wrote: > Unless I'm mistaken, the following memcmp is vulnerable to a remote > timing attack. > https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1974 > static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) > { >

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

On Tue, Apr 08, 2014 at 01:30:11PM +, Chris Schmidt wrote: > The bug is in the TLS implementation in OpenSSL, you will only see it on https Not true, e.g. SMTP servers that support STARTTLS are also affected. signature.asc Description: Digital signature _

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote: > Ubuntu already has released: > http://www.ubuntu.com/usn/usn-2165-1/ > > My server updated during the night :} Make sure that it actually worked! I did this after updating my debian server: root@thejh:/home/jann# for pid in $(grep -

[FD] PoC: End-to-end correlation for Tor connections using an active timing attack

This is a very simple implementation of an active timing attack on Tor. Please note that the Tor developers are aware of issues like this – https://blog.torproject.org/blog/one-cell-enough states: > The Tor design doesn't try to protect against an attacker who can see > or measure both traffic go