Articles with tag: Research
POSTED BY: Dimitrios Glynos / 08.06.2009

Rasterbar libtorrent arbitrary file overwrite vulnerability

CENSUS ID:CENSUS-2009-0002
CVE ID:CVE-2009-1760
Affected Products:Any application that uses the Rasterbar Software libtorrent library (versions ≤ 0.14.3) for BitTorrent file downloads.
Class:Relative Path Traversal (CWE-23), Improper Handling of Syntactically Invalid Structure (CWE-228)
Remote:Yes
Discovered by:Dimitris Glynos

We have discovered an “arbitrary file overwrite” vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) in remote systems, with the effective rights of the user executing the vulnerable libtorrent-based application.


POSTED BY: Patroklos Argyroudis / 20.02.2009

FreeBSD kernel stack overflows

Last May (2008-05-30) I presented my research on FreeBSD kernel stack overflows at the University of Piraeus Software Libre Society, Event #16: Computer Security. The slides from the talk are now available in our research section.


POSTED BY: Dimitrios Glynos / 21.01.2009

Static SSP canary in Debian libc6

CENSUS ID:CENSUS-2009-0001
Affected Products:All SSP-armoured applications, statically or dynamically linked against the libc6 library (versions ≤ 2.7) provided by the Debian GNU/Linux project.
Class:Degraded performance of security mechanism due to misconfiguration.
Discovered by:Dimitris Glynos

We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.


POSTED BY: Patroklos Argyroudis / 19.01.2009

FreeBSD kernel debugging

The FreeBSD kernel can be debugged with the ddb(4) interactive kernel debugger. Although the latest production release of FreeBSD (7.1 at the time of this writing) adds some very useful features, ddb is still lacking the flexibility of gdb.