Archive for the ‘advisory’ Category

Exploits for Kaminsky’s DNS Cache Poisoning Flaw

July 23, 2008

I patched the second Kaminsky told us all to ~15 days ago… did you?

CAU-EX-2008-0002

CAU-EX-2008-0003

Metasploit blog post about these exploits.

Advertisements

CAU-EX-2008-0001: Solaris ypupdated Command Execution

April 4, 2008

Metasploitized version of a recent Solaris rpc.ypupdated exploit from milw0rm:

http://www.caughq.org/exploits/CAU-EX-2008-0001.txt

CAU-2008-0001: Slowly Closing Door Race Condition

April 1, 2008

Today we have a new advisory for you, CAU-2008-0001, the Slowly Closing Door Race Condition:

http://www.caughq.org/advisories/CAU-2008-0001.txt

EDIT (04/02/2008):  April Fools!!!

CAU-2006-0001: Myspace.com Trojaned Navigation Menu

November 16, 2007

http://www.caughq.org/advisories/CAU-2006-0001.txt

CAU-2007-0001: Window Transparency Information Disclosure

April 1, 2007

An information disclosure attack can be launched against buildings that make use of windows made of glass or other transparent materials by observing externally-facing information through the window.

http://www.caughq.org/advisories/CAU-2007-0001.txt

CAU-2005-0001: Chat Service Users – “Oops! Wrong Window” Information Disclosure

April 1, 2005

A potential information disclosure vulnerability exists with all users
of chat services. When users do not adequately pay attention to which
window or application has focus on their workstation, they may
inadvertently type sensitive information like passwords or personal
information into the chat service.

http://www.caughq.org/advisories/CAU-2005-0001.txt

6 New AIX Security Advisories by intropy

June 7, 2004

IBM AIX invscout Commandline Argument Overflow
http://www.caughq.org/advisories/CAU-2005-0002.txt

IBM AIX paginit Command-line Argument Format String
http://www.caughq.org/advisories/CAU-2005-0003.txt

IBM AIX diagTasksWebSM Commandline Argument Overflow
http://www.caughq.org/advisories/CAU-2005-0004.txt

IBM AIX getlvname Commandline Argument Overflow
http://www.caughq.org/advisories/CAU-2005-0005.txt

IBM AIX p* Commandline Argument Overflow
http://www.caughq.org/advisories/CAU-2005-0006.txt

IBM AIX swcons Commandline Argument Overflow
http://www.caughq.org/advisories/CAU-2005-0007.txt

CAU-2004-0001: Mutliple Screensaver – Information Disclosure

April 1, 2004

An information disclosure vulnerability exists with some popular screensavers. Screensavers that use snapshots of the underlying desktop may reveal sensitive information if the screensaver is intended to lock a user’s workstation while they are away.

http://www.caughq.org/advisories/CAU-2004-0001.txt