Wednesday, March 23, 2016

Azure Application cannot enable SSL

I was testing out some stuff and ran across this error when trying to add an SSL cert to an application:

"Cannot enable SNI SSL for a hostname foo.bar.com because current site mode does not allow it."

This unhelpful error is just because you have selected a Free version of the Application Service plan. It has nothing to do with the web app you're in right now, other than the meager fact that you want to add SSL to it.

Upgrade the plan to a Standard or Premium plan to get past this error.

Monday, April 13, 2015

Unauthenticated SSH port forwarding in Cisco CSS 11500

References:
CISCO:   http://tools.cisco.com/security/center/viewAlert.x?alertId=37889
MITRE:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0667

Timeline:
Feb 27 2015: Reported to Cisco PSIRT. Assigned to Incident Manager.
Mar 13 2015: Status check with Incident Manager.
[ Mar 18 2015: Cisco releases IntelliShield ID 37889 ] -- Not copied on this.
Apr 10 2015: Status check with Incident Manager
Apr 13 2015: Incident Manager supplies IntelliShield ID; Finding closed from my end.




Monday, March 23, 2015

mozjpeg findings update

Closed
20150323:  mozjpeg: b6029d31 SIGFPE on specially crafted jpeg https://github.com/mozilla/mozjpeg/issues/153

Saturday, March 14, 2015

libicns

Findings

010db139 -- SEGV #1 icns_read_be (size=2, inp=0x661000, outp=<synthetic pointer>) at icns_io.c:51
3454826d -- SEGV #1 icns_read_le (size=2, inp=<optimized out>, outp=<synthetic pointer>) at icns_io.c:101

Reported to maintainer Mathew Eis  March 14, 2015, 9:43 p.m.

Sunday, March 8, 2015

Fuzzing Update

freeXL:
Re: 9f74b0e8, c9be2aa7, d7273f72, 6889d18b
Closed with patch.
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1

html2text:
Re: 8afd955e [Crash, SEGV ] malloc in Area.C:223
Response received from vendor, wontfix.

exifprobe:
Re: 3a41cb1c, 6bb4db60
Closed with patch. 3a41cb1c resolved in this patch. 6bb4db60 resolved in this patch.
Re: ab50ccf7
Closed in latest git checkout. Asking vendor for patch details.

fig2xsd:
Re: 485f75d6, bd644d4d
Closed with vendor release of 0.22
http://prdownloads.sourceforge.net/fig2sxd/fig2sxd_0.22.orig.tar.gz?download

gif2png:
Re: 0cd10b14
Vendor working on fix.

hp2xx:
Submitted new 0ad69d36, 24dfd181, 27eac1b7, 2b9f1f19, 3503093d, 3a5b6ff4, 3b2a6ca6, 40dd99c6, 42e898d9, 4fa145b4, 5570ae2a, 57dc6ada, 7c503fc7, 7d580ece, 87aebb39, 8d2e9b05, 9071d6d8, 91fe0b08, 92cee751, 99f38038, a921cb74, b1ee740e, b3445f4e, b6bd0cc0, b9eff3a0, bbb8391b, c3e9eae3, c7f0611a, cb3d04f9, d34f9134, d6ce68b4, dccd6129, ea388b76, f2315602, f7cede9e  on 3/8/2015

giftrans:
Submitted new a4ac94f0 to Debian QA team on 3/8/2015, Debian bug ID 780079;


Wednesday, December 24, 2014

New CVE ID: CVE-2014-8716


 I found this via the AFL fuzzer.