Monday, April 13, 2015

Unauthenticated SSH port forwarding in Cisco CSS 11500

References:
CISCO: http://tools.cisco.com/security/center/viewAlert.x?alertId=37889
MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0667

Timeline:
Feb 27 2015: Reported to Cisco PSIRT. Assigned to Incident Manager.
Mar 13 2015: Status check with Incident Manager.
[ Mar 18 2015: Cisco releases IntelliShield ID 37889 ] -- Not copied on this.
Apr 10 2015: Status check with Incident Manager.
Apr 13 2015: Incident Manager supplies IntelliShield ID; Finding closed from my end.




Monday, March 23, 2015

mozjpeg findings update

Closed
20150323: mozjpeg: b6029d31 SIGFPE on specially crafted JPEG https://github.com/mozilla/mozjpeg/issues/153

Saturday, March 14, 2015

libicns

Findings

010db139 -- SEGV #1 icns_read_be (size=2, inp=0x661000, outp=<synthetic pointer>) at icns_io.c:51
3454826d -- SEGV #1 icns_read_le (size=2, inp=<optimized out>, outp=<synthetic pointer>) at icns_io.c:101

Reported to maintainer Mathew Eis on March 14, 2015, 9:43 p.m.

Sunday, March 8, 2015

Fuzzing Update

freeXL:
Re: 9f74b0e8, c9be2aa7, d7273f72, 6889d18b
Closed with patch.
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1

html2text:
Re: 8afd955e [Crash, SEGV] malloc in Area.C:223
Response received from vendor, wontfix.

exifprobe:
Re: 3a41cb1c, 6bb4db60
Closed with patch. 3a41cb1c resolved in this patch. 6bb4db60 resolved in this patch.
Re: ab50ccf7
Closed in latest git checkout. Asking vendor for patch details.

fig2sxd:
Re: 485f75d6, bd644d4d
Closed with vendor release of 0.22
http://prdownloads.sourceforge.net/fig2sxd/fig2sxd_0.22.orig.tar.gz?download

gif2png:
Re: 0cd10b14
Vendor working on fix.

hp2xx:
Submitted new 0ad69d36, 24dfd181, 27eac1b7, 2b9f1f19, 3503093d, 3a5b6ff4, 3b2a6ca6, 40dd99c6, 42e898d9, 4fa145b4, 5570ae2a, 57dc6ada, 7c503fc7, 7d580ece, 87aebb39, 8d2e9b05, 9071d6d8, 91fe0b08, 92cee751, 99f38038, a921cb74, b1ee740e, b3445f4e, b6bd0cc0, b9eff3a0, bbb8391b, c3e9eae3, c7f0611a, cb3d04f9, d34f9134, d6ce68b4, dccd6129, ea388b76, f2315602, f7cede9e  on 3/8/2015

giftrans:
Submitted new a4ac94f0 to Debian QA team on 3/8/2015, Debian bug ID 780079.


Wednesday, December 24, 2014

New CVE ID: CVE-2014-8716


I found this via the AFL fuzzer.

Saturday, December 29, 2012

sysidcfg in Solaris 10 shared-ip zones

If you've tried to put a sysidcfg in shared-ip zones with multiple network interfaces, you've probably experienced some headaches.

I found that if I specified each interface like you would in a normal sysidcfg, it would drop to interactive input.

When I was just specifying one interface with network_interface=PRIMARY{etc etc}, everything worked fine. When I would switch to network_interface=e1000g0{primary hostname=server.local}, it would drop to interactive again.

The secret was just to use PRIMARY no matter how many interfaces I was configuring.

After some tinkering I was able to drop the whole network_interface{} stanza down to:

network_interface=PRIMARY{hostname=hostname.local}