Posts by: Marco Ivaldi (aka raptor)

CVE-2010-3856 Exploit

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared…

CVE-2009-2669 Exploit

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by…

CVE-2003-0190 PoC

Proof of Concept for CVE-2003-0190: timing attack on OpenSSH-portable <= 3.6.1p1 with PAM.
http://lab.mediaservice.net/code/ssh_brute.c
MD5: 4fbc9a1fb23e828b1fe42ff7cc65d1c1
SHA-1: b57f20c0a86c20cda82e8dc169923452fc50225c
http://lab.mediaservice.net/code/openssh-3.6.1p1_brute.diff
MD5: de3bc1148b93ddb427f6fc721d08a1c0
SHA-1: 9cf2b8a9bcb5e526c071f18e4bd3be5c5b716e35

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses…

CVE-2006-1242

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to…

CVE-2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist. This allows remote attackers to determine valid usernames via a…