what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Silvio Cesare

First Active1999-08-17
Last Active2008-05-22
iDEFENSE Security Advisory 2008-05-21.1
Posted May 22, 2008
Authored by Silvio Cesare, iDefense Labs | Site idefense.com

iDefense Security Advisory 05.21.08 - Remote exploitation of a design error vulnerability in Snort, as included in various vendors' operating system distributions, could allow an attacker to bypass filter rules. Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discard. This results in valid traffic not being examined and/or filtered by Snort. iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.

tags | advisory, remote
advisories | CVE-2008-1804
SHA-256 | 71694e299caa136a88ff4553f89f1078e330d6913b0b76957abb0e2e9cfa6bff
iDEFENSE Security Advisory 2008-02-12.1
Posted Feb 12, 2008
Authored by Silvio Cesare, iDefense Labs | Site idefense.com

iDefense Security Advisory 02.12.08 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-0318
SHA-256 | a41220bd562f0751be2d8a4c85b3aa329da8712ae380c55def9f43dd8a24c6b3
Gentoo Linux Security Advisory 200408-16
Posted Aug 19, 2004
Authored by Silvio Cesare, Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200408-16 - glibc contains an information leak vulnerability allowing the debugging of SUID binaries. Versions 2.3.2 and below are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 6d3a5de31a54a4551b867471c5569c8bb8f3f2783a41ac572e82eca0028bf877
stealth-syscall.txt
Posted Jun 5, 2001
Authored by Silvio Cesare | Site big.net.au

Stealth Syscall Redirection - This article describes a technique of redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that use the sys call table to register redirected or trojaned system calls. The basic premise behind this attack is to modify the old system call code to jump to the new system call, thus control is transferred to the replacement system call and the sys call table is left untouched.

tags | paper, trojan
systems | linux, unix
SHA-256 | b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70
elf-pv.txt
Posted Aug 17, 1999
Authored by Silvio Cesare

An article on UNIX ELF PARASITES AND VIRUSES including a fully working parasite infector and binary virus for Linux (UNIX portable however). The parasites and virus described and given do not destroy the executeables functionality but instead as with many DOS viruses simply append new code to the image. Rudimentary techniques for disabling the parasites and virus is also described. (includes LONG rant at beginning by author).

tags | exploit, virus
systems | linux, unix
SHA-256 | 41101f0b3c5ca938f20c81b9751270536b75203824557fe9301873ac62f7da1e
runtime-kernel-kmem-patching.txt
Posted Aug 17, 1999
Authored by Silvio Cesare

Demonstration and proof of the concept that access to kernel memory is of great use to a system attacker. Source code, examples included, along with implementation of 'kinsmod', an insmod using the kmem device, _not_ using native LKM support. (includes LONG rant at beginning by author).

tags | exploit, kernel
SHA-256 | b765ec3942e83df5d7d759cdc3b9d55fb7410033fef82b213946f4d7255be5d7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close