Articles with tag: Research
POSTED BY: Patroklos Argyroudis / 14.10.2009

gif2png command line buffer overflow

CENSUS ID:CENSUS-2009-0006
CVE ID:CVE-2009-5018
Affected Products:gif2png versions ≤ 2.5.1.
Class:Improper Input Validation (CWE-20), Failure to Constrain Operations within the Bounds of a Memory Buffer (CWE-119)
Remote:Yes (when gif2png is used by CGI programs)
Discovered by:Patroklos Argyroudis

We have discovered an “improper input validation” vulnerability in the gif2png utility that leads to a stack buffer overflow.


POSTED BY: Patroklos Argyroudis / 02.07.2009

CVE-2008-3531: FreeBSD kernel stack overflow exploit development

About four months ago I developed a reliable exploit for vulnerability CVE-2008-3531, which is also addressed in the advisory FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits.


POSTED BY: Dimitrios Glynos / 08.06.2009

Rasterbar libtorrent arbitrary file overwrite vulnerability

CENSUS ID:CENSUS-2009-0002
CVE ID:CVE-2009-1760
Affected Products:Any application that uses the Rasterbar Software libtorrent library (versions ≤ 0.14.3) for BitTorrent file downloads.
Class:Relative Path Traversal (CWE-23), Improper Handling of Syntactically Invalid Structure (CWE-228)
Remote:Yes
Discovered by:Dimitris Glynos

We have discovered an “arbitrary file overwrite” vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) in remote systems, with the effective rights of the user executing the vulnerable libtorrent-based application.


POSTED BY: Patroklos Argyroudis / 20.02.2009

FreeBSD kernel stack overflows

Last May (2008-05-30) I presented my research on FreeBSD kernel stack overflows at the University of Piraeus Software Libre Society, Event #16: Computer Security. The slides from the talk are now available in our research section.