what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Joost Pol

Email addressjoost at pine.nl
First Active2002-03-07
Last Active2004-11-12
squirrelXSS.txt
Posted Nov 12, 2004
Authored by Joost Pol | Site squirrelmail.org

SquirrelMail versions 1.4.3a and below suffer from a cross site scripting issue in the decoding of encoded text in certain headers. It correctly decodes the specially crafted header, but does not sanitize the decoded strings.

tags | advisory, xss
SHA-256 | 7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45
pine-cert-20040201.txt
Posted Feb 4, 2004
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.

tags | advisory, local
systems | netbsd, freebsd, openbsd
SHA-256 | a574248c2ca40bfc4b92b9ac9a645d17d7ca2b2477dbce0dd28b3dd3e9b6ce84
FreeBSD Security Advisory 2003.17
Posted Oct 3, 2003
Authored by The FreeBSD Project, Joost Pol | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:17.procfs - A malicious local user could arrange to use a negative or extremely large offset when reading from a procfs "file", causing a system crash, or causing the kernel to return a large portion of kernel memory.

tags | advisory, kernel, local
systems | freebsd
SHA-256 | 95e6035f8a0720cdbb5f1dc7e6f3eaec332fcab7abca4a91304f917dc8a2abd8
pine-cert-20030902.txt
Posted Oct 3, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030902 - An integer overflow condition in all versions of FreeBSD could lead to disclosure of kernel memory.

tags | advisory, overflow, kernel
systems | freebsd
SHA-256 | 19e199ebba5f002b2f5b355c5a5d6960f5ecfe97e20fc885c026a346d1f05c8f
pine-cert-20030901.txt
Posted Oct 3, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030901 - An integer overflow condition that is exploitable under FreeBSD versions 4.3 to present allows for a denial of service and/or privilege escalation.

tags | advisory, denial of service, overflow
systems | freebsd
SHA-256 | f754c8aed03b7474ca466d0f22cdec167687afafce591d4700b55c4268ac9b84
FreeBSD Security Advisory 2003.16
Posted Oct 2, 2003
Authored by The FreeBSD Project, Joost Pol | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc - A programming error in the readv system call can result in the given file descriptor's reference count being erroneously incremented. A local attacker may cause the operating system to crash by repeatedly calling readv on a file descriptor until the reference count wraps to a negative value, and then calling close on that file descriptor. Similarly, it may be possible to cause a file descriptor to reference unallocated kernel memory, but remain valid. If a new file is later opened and the kernel allocates the new file structure at the same memory location, then an attacker may be able to gain read or write access to that file. This may in turn lead to privilege escalation. This affects releases 4.3-RELEASE through 4.8 RELEASE.

tags | advisory, kernel, local
systems | freebsd
SHA-256 | d77bc848ba499127eb6972feeba3dbe40a919dde740117b4638758fd937de5da
pine-cert-20030101.txt.asc
Posted Jan 6, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.

tags | advisory, denial of service, kernel, local
systems | freebsd
SHA-256 | 6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
pine-cert-20020301.txt
Posted Mar 7, 2002
Authored by Joost Pol | Site pine.nl

An off by one overflow has been discovered in the channel code of OpenSSH versions 2.0 - 3.0.2. Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. Fix available here.

tags | overflow, root
SHA-256 | f862fbf462b1a8965de529058ff2c189f2e7ad5ad9d1c0dde44d02b7424b0163
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close