Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.
13afe1a7aa6ab753275c0b5289b6a8bcMozilla NSS NULL character CA SSL certificate validation security bypass vulnerability.
3a02a4eed8006d3a2834913dde03f727Mozilla Firefox versions up through 3.0.13 suffer from an arbitrary command execution vulnerability due to the pkcs11.addmodule function.
2676a9f8501c41fc246aceeafdea7a92DNS TXT record parsing in LibSPF2 suffers from a memory corruption vulnerability. Heap overflow exploit included for reproduction purposes.
480c18dde5e57166e2d350956e56f893Stripwire is a tool which demonstrates vulnerabilities in md5 checks described in this paper. Contains a perl script which proves that if md5(x) == md5(y), then md5(x+q) == md5(y+q) (assuming length(x) and length(y) are 0 mod 64, and q is any arbitrary data). This is true because once two blocks converge upon the same hash, the nature of them being different has thereafter been lost.
aa5a1a01f2f6e05656fff5d5304c59b2Collision vulnerabilities in MD5 Checksums - It is possible to create different executables which have the same md5 hash. The attacks remain limited, for now. The attack allows blocks in the checksumm'd file to be swapped out for other blocks without changing the final hash. This is an excellent vector for malicious developers to get unsafe code past a group of auditors, perhaps to acquire a required third party signature. Alternatively, build tools themselves could be compromised to embed safe versions of dangerous payloads in each build. A tool to demonstrate these vulnerabilities is available here.
5e1605409d78efd92cdce0d11489010bPaketto Keiretsu v1.10 implements many of the techniques described in recent here.
7fd82af09a6493f24c8681f7bbf03898Paketto Keiretsu v1.0 implements many of the techniques described in recent here.
f974f9f115a422c4ddff73fb1e98269cTCP Chorusing in the Windows 9x TCP/IP Stack - Flaws in the Windows 9x TCP/IP Stack can lead to Denial of Service attacks - this issue is not new, but the problems described by Dan Kaminsky in this article are.
ffd495391bd83e8e47526540373e0024
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed