News from trapkit.de

[16.07.2010] Oracle Solaris Kernel Security Advisory

tk — Fri, 16 Jul 2010 18:07:56

Oracle released an updated version of their kernel for Solaris 10 and OpenSolaris. The update fixes a denial of service bug I found in the Solaris kernel. For more information see Advisory Related blog entry

[22.02.2010] avast! Security Advisory

tk — Mon, 22 Feb 2010 15:21:39

ALWIL software released an updated version of avast!. The update fixes a memory corruption vulnerability I found in one of the kernel drivers shipped with avast! 4.8 and 5.0. For more information see Advisory Related blog entry

[02.02.2010] Apple iPhone OS and Mac OS X Security Advisory

tk — Tue, 02 Feb 2010 22:08:23

Apple released security updates for iPhone OS and Mac OS X that fix a stack buffer overflow vulnerability I found in CoreAudio. For more information see Advisory Related blog entry

[31.01.2010] Oracle Solaris Kernel Security Advisory

tk — Sun, 31 Jan 2010 12:01:34

Oracle released an updated version of their kernel for Solaris 10 and OpenSolaris. The update fixes a NULL pointer dereference I found in the Solaris kernel. For more information see Advisory Related blog entry

[27.12.2009] New version of checksec.sh

tk — Sun, 27 Dec 2009 12:39:28

I released a new version of checksec.sh. This script is designed to test what standard Linux OS security features are being used. For more information click here.

[09.09.2009] Apple iPhone OS AudioCodecs Heap Buffer Overflow (TKADV2009-007)

tk — Wed, 09 Sep 2009 23:35:23

Apple released an updated version of their iPhone OS. The update fixes a heap buffer overflow vulnerability I found in the AudioCodecs library of iPhone OS < 3.1 and iPhone OS < 3.1.1 for iPod touch.Advisory Related blog entry

[16.05.2009] libsndfile/Winamp Security Advisory (TKADV2009-006)

tk — Sa, 16 May 2009 08:31:37

The libsndfile maintainers released an updated version of their multimedia library. The update fixes a heap buffer overflow vulnerability I found in the VOC (Creative Voice) demuxer. As libsndfile is used by Winamp (and other software projects) this popular media player is also affected by this vulnerability.Advisory Related blog entry

[04.04.2009] xine-lib Security Advisory (TKADV2009-005)

tk — Sa, 04 Apr 2009 11:41:42

The xine-lib maintainers released an updated version of their multimedia library. The update fixes an integer overflow vulnerability I found in the Quicktime demuxer.Advisory Related blog entry

[15.02.2009] xine-lib also affected by TKADV2009-004

tk — Sun, 15 Feb 2009 15:00:43

I updated TKADV2009-004 as xine-lib < version 1.1.16.2 is also affected by a variant of the bug described in the advisory.Advisory Related blog entry

[28.01.2009] FFmpeg Security Advisory (TKADV2009-004)

tk — Wed, 28 Jan 2009 21:22:38

Today the FFmpeg maintainers released an updated version of their multimedia framework. The update fixes a type conversion vulnerability I found in FFmpeg.Advisory Related blog entry

[22.01.2009] GStreamer Security Advisory (TKADV2009-003)

tk — Thu, 22 Jan 2009 21:17:33

Today the GStreamer maintainers released an updated version of their multimedia framework. The update fixes some Heap Buffer Overflows and Array Index Out of Bounds vulnerability I found in GStreamer.Advisory Related blog entry

[11.01.2009] Amarok Security Advisory (TKADV2009-002)

tk — Sun, 11 Jan 2009 18:28:26

Today the Amarok maintainers released an updated version of their media player. The update fixes some Integer Overflow and Unchecked Allocation vulnerabilities I found in Amarok.Advisory Related blog entry

[11.01.2009] Sun Solaris Kernel Security Advisory (TKADV2009-001)

tk — Sun, 11 Jan 2009 17:12:43

Sun released an updated version of their kernel for Sun Solaris 8, 9, 10 and OpenSolaris. The update fixes an Integer Overflow vulnerability I found in the Sun Solaris kernel.Advisory Exploitability

[17.12.2008] Sun Solaris Kernel Security Advisory (TKADV2008-015)

tk — We, 17 Dec 2008 22:17:54

After a patch development time of 471 days Sun released an updated version of their kernel for Sun Solaris 10 and OpenSolaris. The update fixes a NULL pointer dereference vulnerability I found in the Sun Solaris kernel.Advisory Exploitability

[14.12.2008] MPlayer Security Advisory (TKADV2008-014)

tk — So, 14 Dec 2008 16:53:56

This security advisory describes the technical details of a stack buffer overflow vulnerability I found in the TwinVQ demuxer of MPlayer.Advisory

[30.11.2008] VLC Media Player Security Advisory (TKADV2008-013)

tk — So, 30 Nov 2008 15:25:37

This security advisory describes the technical details of an integer overflow vulnerability I found in the RealMedia demuxer of VLC media player.Advisory Exploitability

[05.11.2008] VLC Media Player Advisories (TKADV2008-011/TKADV2008-012)

tk — We, 5 Nov 2008 23:44:26

These advisories are describing the technical details of two stack overflows I found in the RealText and CUE demuxers of VLC media player.TKADV2008-011 TKADV2008-012

[20.10.2008] VLC Media Player Security Advisory (TKADV2008-010)

tk — Mo, 20 Oct 2008 19:44:34

This security advisory describes the technical details of a security vulnerability I found in the TiVo demuxer of VLC media player.Advisory Exploitability

[21.09.2008] WebEx Security Advisory (TKADV2008-009)

tk — So, 21 Sep 2008 19:50:34

This security advisory describes the technical details of a security vulnerability I found in an activex component of the WebEx Meeting Manager.Advisory Exploitability

[17.09.2008] G DATA Security Advisory (TKADV2008-008)

tk — Tue, 17 Sep 2008 22:57:45

This security advisory describes the technical details of a security vulnerability I found in the G DATA products AntiVirus, InternetSecurity and TotalCare 2008. G DATA needed a patch development time of 294 days to fix the bug.Advisory Exploitability

[09.09.2008] Linux Kernel SCTP-AUTH API Advisory (TKADV2008-007)

tk — Tue, 9 Sep 2008 21:32:15

This security advisory describes the technical details of some vulnerabilities I found in the SCTP-AUTH API of the Linux Kernel. The kernel maintainers needed a patch development time of 1 day to fix the bugs. Advisory Exploitability

[12.08.2008] CA HIPS KmxFw.sys Kernel Memory Corruption (TKADV2008-006)

tk — Tue, 12 Aug 2008 20:02:15

After a patch development time of 158 days CA released updates for various of their products. The updates are fixing a memory corruption vulnerability (kernel pool corruption) I found in one of the drivers shipped with these products. Advisory Exploitability

[08.08.2008] Blogging

tk — Fri, 8 Aug 2008 20:35:19

(Like everyone else) I now have a blog where I will publish random thoughts on security vulnerabilities, exploiting and stories from kernel land from time to time. The news from trapkit.de are now also available as RSS feed.

[06.08.2008] Linux Kernel Security Advisory released (TKADV2008-005)

tk — Wed, 6 Aug 2008 22:23:54

This security advisory describes the technical details of the vulnerability CVE-2008-3272 I found in the Linux kernel. The kernel maintainers needed a patch development time of 4 days to fix this bug. Read more ...

[13.06.2008] Sun Solaris Security Advisory released (TKADV2008-003)

tk — Fr, 13 Jun 2008 23:11:24

After a patch development time of 298 days (!) Sun finally released an updated version of their kernel for Sun Solaris 10 and OpenSolaris. The update fixes a memory corruption vulnerability (Integer Overlow, described in SunAlert #237965) I found in the Sun Solaris kernel. Read more ...

[07.06.2008] ScoopyNG - The VMware detection tool v1.0 released

tk — Sat, 7 Jun 2008 16:37:46

ScoopyNG combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system. ScoopyNG works on all modern uni-, multi- and multi-core cpu's and is able to detect VMware even if "anti-detection-mechanisms" are deployed. Read more ...

[06.06.2008] Kaspersky Security Advisory released (TKADV2008-004)

tk — Fri, 6 Jun 2008 22:14:34

This security advisory describes the technical details of the vulnerability CVE-2008-1518 I found and published working with iDefense VCP. Kaspersky needed a patch development time of 78 days to fix this bug. Read more ...

[30.03.2008] avast! 4.7 Security Advisory released (TKADV2008-002)

tk — So, 30 Mar 2008 10:23:42

After a patch development time of only 13 days ALWIL Software released an updated version of their avast! 4 Professional and Home Edition. The update fixes a memory corruption vulnerability (it's possible to write arbitrary data at an arbitrary memory address) I found in one of the drivers shipped with these products. Read more ...

[08.03.2008] Panda Internet Security/Antivirus+Firewall 2008 Security Advisory released (TKADV2008-001)

tk — Sa, 08 Mar 2008 13:38:09

After a patch development time of 60 days Panda Security released a hotfix for their Panda Internet Security 2008 and Panda Antivirus+Firewall 2008 products. This hotfix fixes a memory corruption vulnerability (overflow in the data section) I found in one of the drivers shipped with these products. Read more ...

[01.03.2008] Mac OS X AppleTalk AIOCSETZNUSAGE IOCTL Kernel Stack Overflow Security Advisory released (TKADV2007-003)

tk — Sa, 01 Mar 2008 21:32:39

This security advisory describes the technical details of the vulnerability CVE-2007-4267 I found and published working with iDefense VCP. Apple needed a patch development time of 99 days to fix this bug. Read more ...