| census ID: | census-2010-0001 |
| CVE ID: | CVE-2010-2020 |
| Affected Products: | FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE |
| Class: | Improper Input Validation (CWE-20) |
| Remote: | No |
| Discovered by: | Patroklos Argyroudis |
We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.
read more...
census will be joining forces with
Online Systems Ltd. to offer specialised IT security services in the United Kingdom.
More details on this will follow soon.
A new whitepaper on Digital Forensics has been added to the Services section of our website.
It features a gentle introduction to the field of digital investigations and presents the key benefits of the census Digital Forensics service.
census will be presenting “Context-keyed Payload Encoding: Fighting the Next Generation of IDS” at AthCon 2010. AthCon is a fresh IT security conference which will take place this summer in Greece! Our presentation will cover the latest in IDS evasion techniques for targeted shellcode and will feature new Metasploit modules implementing the presented techniques.
…you don’t want to miss out on this, so register now!
Update: Source code, slides and whitepaper are now available here.
