Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.
851f74625841584a432de6c57ae431f0553eb5bb5633b06087be46e51e44f01bMozilla NSS NULL character CA SSL certificate validation security bypass vulnerability.
92116a1f698ebd192000a6a214b3792bd3a3666828967d60da976747919e9260Mozilla Firefox versions up through 3.0.13 suffer from an arbitrary command execution vulnerability due to the pkcs11.addmodule function.
d27911cb4945b160c3febbb8a671498c09e9a56d2ba6f7c5749ad00881cf8fd4DNS TXT record parsing in LibSPF2 suffers from a memory corruption vulnerability. Heap overflow exploit included for reproduction purposes.
201e0e386e4ffdd03e46d72e898dd00d190b309d864f602273579977691c6d8fStripwire is a tool which demonstrates vulnerabilities in md5 checks described in this paper. Contains a perl script which proves that if md5(x) == md5(y), then md5(x+q) == md5(y+q) (assuming length(x) and length(y) are 0 mod 64, and q is any arbitrary data). This is true because once two blocks converge upon the same hash, the nature of them being different has thereafter been lost.
fa4f1a1f3b2cd2098eef127cc9d5b5b38193af9ffa1fb17e7563d8a8214d60ddCollision vulnerabilities in MD5 Checksums - It is possible to create different executables which have the same md5 hash. The attacks remain limited, for now. The attack allows blocks in the checksumm'd file to be swapped out for other blocks without changing the final hash. This is an excellent vector for malicious developers to get unsafe code past a group of auditors, perhaps to acquire a required third party signature. Alternatively, build tools themselves could be compromised to embed safe versions of dangerous payloads in each build. A tool to demonstrate these vulnerabilities is available here.
cac2fbb0fa5442eda45b2a7a2412eb69fc74e574eb60d2a15209e44acf7e5bf8Paketto Keiretsu v1.10 implements many of the techniques described in recent here.
13498ef49b79f95d1cbf4ebf15edde6b5cfdb5a67557b8060715b30fcab27b73Paketto Keiretsu v1.0 implements many of the techniques described in recent here.
d299bf6abe03d918e37df1c295802a96440e450cb66dda894e980338dbd31941TCP Chorusing in the Windows 9x TCP/IP Stack - Flaws in the Windows 9x TCP/IP Stack can lead to Denial of Service attacks - this issue is not new, but the problems described by Dan Kaminsky in this article are.
86110a839ed3b556156227bd89e253bc4841d4f1fa9afec14790bc6261ee825f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed