alert7 blog

2009��ĵ�һ��ѩ

WeiWang_blog — 2009-11-01 19:58

2009��ĵ�һ��ѩ,��Ǻܼ�ʱ��....

��Ѿ��Ͼ��10��Сʱ��

��Ͼ��˷ɻ��˷ɻ�...

��֪��Ƿ�Ҫ��»��ס��,��Ƿ��ܹ��ﱱ��..

update: ��賿1�㵽�˱��.
��Ĭ�Ϸ�� 鿴��

NEVER USE syslog FUNCTION in signal handler

WeiWang_blog — 2009-09-18 10:52

��׼��˵Ӧ��:��Ҫ��signal handler��ò��thread-safe ��

��openssh CVE-2006-5051��,syslog��һ��not thread-safe��.

��ǵü��ǰ�и�sendmail��©��,�Ǹ�©��ĸ��:
��Ҫ��signal handler��ʹ��static��.
��Tips �鿴��

[updated]Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

WeiWang_blog — 2009-09-17 12:04

[UPDATED 2009-9-17]
��л��ĵ��,��Ѿ��ܴ��.
Ĭ��Ϳ��Դ��heap overflow. ��Σ�ջ��Ǻܴ��.

///////////////
��ͦ��ص�,http://www.kb.cert.org/vuls/id/180065
�о��һСʱ��ʱû�ܴ��©��,�ȷ��, ��λ��Ϻ�ܰ��,��֤��Ļ��ݴ��Ǹ��ط�? ��ʱû�ܹ��ݵ��Ǹ��ط�.

��Ƚϼ�,heap overflow

Index: src/http/ngx_http_parse.c
========================

�Ķ�ȫ��
���� 鿴��

[fw]Heap Spraying with Actionscript

WeiWang_blog — 2009-07-25 11:54

��ļ��ĵ�

http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html

Heap Spraying with Actionscript

Why turning off Javascript won't help this time

Introduction

As you may have heard, there's a new Adobe PDF-or-Flash-or-something 0-day in the wild. So this is a quick note about how it's implemented, but this blog post is

�Ķ�ȫ��
����ɽ֮�� 鿴��

pdf/flash 0day ��

WeiWang_blog — 2009-07-23 11:05

��λ��÷����׼��

http://blogs.adobe.com/psirt/2009/07/update_on_adobe_reader_acrobat.html

˭��?

http://www.avertlabs.com/research/blog/index.php/2009/07/22/new-0-day-attacks-using-pdf-documents/

�Ķ�ȫ��
����Ŷ�̬ �鿴��

��ڵ�Linux Kernel tun_char_poll NULL Pointer Dereference 0day

WeiWang_blog — 2009-07-18 12:04

http://www.milw0rm.com/exploits/9191

��˵��.

��linux kernel 0day��,��λ��Ҳ��̫��, /dev/net/tun�ںܶ�ϵͳ�϶��ͨ�û��Զ�д��.

crw------------ 1 root root 10,200 Jul 18 07:26 /dev/net/tun.

FC5,RHEL5.8 ��Ȩ��.

��ͨ�û��ܶ�д,�ʹ��kernel©��,��exploitҲ��Ч��.

ϵͳ��Ա��ļ�Ȩ��Ƿ��,��粻�ǵĻ�,��ȥ��ͨ�û��Ķ�дȨ�޾Ϳ��ֹ��.

��exploit code �Ķ�ȫ��
���� 鿴��

��Ϊquartz.dll��һ��Ƿ��quicktime�ļ��Ľӿ��

WeiWang_blog — 2009-07-17 22:16

quartz.dll��quicktime�ļ��Ĵ��ʵ��̫��.
��©��.

CVE-2009-1537
CVE-2009-1538
CVE-2009-1539

��β��,��߲��,��directshow 0day��治ת��.

�򵥿��޲��Ĵ��,һ��ʼ��Ϊquartz.dll��һ��Ƿ��quicktime�ļ��Ľӿ��
HKEY_CURRENT_USER, Software\\Microsoft\\Multimedia\\DirectShow
SkipQTParse

է�� Ķ�ȫ��
���� 鿴��

��һ��0day��Tuesday 0day

WeiWang_blog — 2009-07-15 22:58

��Ĭ�Ϸ�� 鿴��

[fw]��Կ��ܳ�Ϊδ��ڿ͹��

WeiWang_blog — 2009-07-13 19:53

Ҫ��ǰѴ��Ϊֻ��Ϊ��.

http://tech.sina.com.cn/d/2009-07-13/08563257000.shtml

�õ��Թ��

��һЩ�˿��ܻ��ʣ��ڿ�ΪʲôҪ��˵Ĵ��ԣ��о��Ա�Դ˱�ʾ��õ��Ե��±��ı��2007��11�º�2008��3�£��

�Ķ�ȫ��
����Ŷ�̬ �鿴��

a typo == a vulnerability Ҳ̸��DirectShow MPEG2 0day

WeiWang_blog — 2009-07-06 21:41

һ��typo,��MS�ĳ��Ա��ʱ��ɨ��¼��̣��һ��&�� ,��һ��صİ�ȫ��⡣
��Ĵ��Ӧ��Լ��򵥲��¾Ϳ��Բ��Գ��ģ��ѵ��û��ô��Ծͷ��˳��

ReadFromStream(LPSTREAM ppvData)
{
        SafeArrayCreate(xx,x, user_controlled_len);
        SafeArrayAccessData(xx,& ppvData);
        ReadFile(x,& ppvDat �Ķ�ȫ��
���� 鿴��

[CLOSED]��ڱ��Ʒ��

WeiWang_blog — 2009-04-29 08:43

��ѵã��Ȥ��ͬ��Ӣ�ļ�� alert7 at gmail.com . ��ӦƸ��Ǽ��Ʒ��

Technical product manager job description

Description of Function and Responsibilities: The technical product manager will be responsible for technical marketing documentation and presentations for McAfee’s network security products. We are looking for a highly motivated professional with a proven track record of successfully driving and marketing products in the network security �Ķ�ȫ��
��Ĭ�Ϸ�� 鿴��

[CLOSED]��ڱ��3��ȫ�о��Ա

WeiWang_blog — 2009-04-27 08:35

��ѵã��Ȥ�Ļ��԰��Ӣ�ļ��ʼ�� alert7 at gmail.com ��

Web security, P2P/IM Security Researcher

Description:

�Ķ�ȫ��
����Ŷ�̬ �鿴��

˵��core dump file,�뵽��2005��ʹ��һ��⣺solaris...

WeiWang_blog — 2009-04-25 00:15

˵��core dump file,�뵽��2005��ʹ��һ��⡣

solaris��һ��ֻ��ִ�е��ļ��Ի��ļ��Ƿ�Ϊ©��

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-09/0386.html

Ҳ��ͨ��core dumpfile�ֶλ�õ��ļ��ݡ�

��ʱ��linux��Ѿ�û��solaris�ϵ��ˡ��Ͱ�ȫ��Ϊlinux��solaris��ȫ�Ķ࣬��kernel ��libc. ��ǰ��̳�ϻ��۹�setuid shell�İ�ȫ��⣬�Ա��linux��ǰ�档

�õ��˶��ˣ��ñ�¶�İ�ȫ�� Ķ�ȫ��
���� 鿴��

about Linux kernel <2.6.29 exit_notify() local root exploit

WeiWang_blog — 2009-04-24 21:02

��Ȼ��udev�Ǹ�©��Ҳ��˵˵��Linux kernel <2.6.29 exit_notify() exploit.

http://www.milw0rm.com/exploits/8478

1: /proc/sys/fs/suid_dumpable ��1 or 2��Ĭ�Ϻ��󲻿��
2: ��һ��Ļ��⵹�Ǹ��©��Ҳ˵��뵽��ǰ�Ǹ�
prctl(PR_SET_DUMPABLE,2)©��÷��һ�¡�
3�� exploit��Ҫ��24Сʱ��ʵ��Ҫ��һ��Ϳ��̵�һ��Сʱ��core�ļ��ʽ��Щϵͳ��core.xxxx ,�Լ��޸İɡ�
���� 鿴��

WeiWang_blog — 2009-04-24 14:54

��linux kernel��©�� Ǹ��ǳ��õ�Ӧ�ó��©��
http://www.milw0rm.com/exploits/8478

udevd��̴��û��ݲ��µ��ִ��©��ʵа��Ļ��LD_PRELOAD��

int udev_event_execute_run(struct udev_event *event)
{
    struct udev_list_entry *list_entry;
    int err = 0;

    dbg(event->udev, "executing run list\n");
    udev_list_entry_foreach(list_entr �Ķ�ȫ��
���� 鿴��

alert7 blog

2009�����ĵ�һ��ѩ

NEVER USE syslog FUNCTION in signal handler

[updated]Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

[fw]Heap Spraying with Actionscript

Heap Spraying with Actionscript

Why turning off Javascript won't help this time

Introduction

pdf/flash 0day ����

�������ڵ�Linux Kernel tun_char_poll NULL Pointer Dereference 0day

����Ϊquartz.dll������һ���Ƿ����quicktime�ļ��Ľӿ���

��һ��0day��Tuesday 0day

[fw]���������Կ��ܳ�Ϊδ���ڿ͹�������

a typo == a vulnerability Ҳ̸���������DirectShow MPEG2 0day

[CLOSED]���������ڱ�����������������Ʒ����

[CLOSED]���������ڱ�������3����ȫ�о���Ա

˵��core dump file,�뵽����2005���ʹ���һ�����⣺solaris...