what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 60 RSS Feed

Files from Adam Gowdiak

Email addresszupa at man.poznan.pl
First Active2004-10-27
Last Active2024-08-13
Microsoft PlayReady Design Issue
Posted Aug 13, 2024
Authored by Adam Gowdiak | Site security-explorations.com

There is an architectural and design issue in Microsoft's PlayReady which can be successfully exploited to gain access to license server by arbitrary clients. The problem has its origin in flat certificate namespace / reliance on a single root key in PlayReady along with no authentication at the license server end by default (deemed as no bug by Microsoft).

tags | advisory, arbitrary, root
SHA-256 | ed22257eef3a2135b2af77d7c2f00a9ce66b0b7c3b3aefd2205eb5140d64e5c9
Microsoft PlayReady Data Leak
Posted Jun 21, 2024
Authored by Adam Gowdiak | Site security-explorations.com

On June 11, 2024, a Microsoft Engineer posted information about a crash that inadvertently leaked internal data related to PlayReady and Warbird libraries.

tags | advisory
SHA-256 | 0f71fa63d28b5ccf3a78398618e02286375e172ff1d63d1f7602e519ca576dbe
Microsoft PlayReady Complete Client Identity Compromise
Posted May 9, 2024
Authored by Adam Gowdiak | Site security-explorations.com

The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.

tags | exploit, proof of concept, info disclosure
systems | windows
SHA-256 | c2dc2010ee36581d568d891c24ac2a0dfd8b8a87de8de3d72f1072bb1e38964a
Systemd Insecure PTY Handling
Posted May 6, 2024
Authored by Adam Gowdiak | Site security-explorations.com

Systemd-run/run0 allocates user-owned ptys and attaches the slave to high privilege programs without changing ownership or locking the pty slave.

tags | exploit
SHA-256 | 15c380418f4bc926342668506e97514b64da3e44af7c265140bf54c41a2ae6b3
Microsoft PlayReady Toolkit
Posted May 6, 2024
Authored by Adam Gowdiak | Site security-explorations.com

The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more. It demonstrates weak content protection in the environment of CANAL+. The proof of concept exploit 3 year old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution access to target STB devices over an IP network.

tags | exploit, vulnerability, code execution, proof of concept
SHA-256 | 79dab3a7323f19a26d78f497deb3ea0052f2376b984ec830648a755230a60801
Microsoft PlayReady Cryptography Weakness
Posted May 1, 2024
Authored by Adam Gowdiak | Site security-explorations.com

There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.

tags | advisory
SHA-256 | 624d62ae93c4eb9ee488a2e78ae15c8b8b941fc79346a6f1e3994060ab88fc9b
Microsoft PlayReady Failed DRM
Posted Apr 3, 2024
Authored by Adam Gowdiak | Site security-explorations.com

Microsoft PlayReady suffers from issues that can lead to disclosure of plaintext keys used to protect DRM'ed content.

tags | advisory, info disclosure
SHA-256 | 28a472f25d72b716bdb5a514be5776a5e12b397df68219d437bd1398ff26e123
Telit Cinterion IoT Traversal / Escalation / Bypass / Heap Overflow
Posted Apr 24, 2023
Authored by Adam Gowdiak | Site security-explorations.com

This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.

tags | exploit, java, overflow
advisories | CVE-2020-15858
SHA-256 | abb8c4529f9d5d619b36098b1423bf2e497fc0bebd5da0e83e1d5c9a49803636
CANAL+ / Microsoft PlayReady Cryptography Shortcomings / Authorization Bypass
Posted Dec 11, 2022
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations conducted a security analysis of Microsoft Play Ready content protection technology in the environment of the CANAL+ SAT TV provider. As a result, complete access to movie assets and content keys available in the CANAL+ VOD library could be gained with the use of a fake client device identity. Microsoft and CANAL+ have seemingly decided to ignore this large laundry list of failures.

tags | exploit
SHA-256 | ae147b5df942976857f81fb745ba330474556562626f4e5abf76e56fe99dca24
Java Card Proof Of Concepts
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.

tags | exploit, java, vulnerability, code execution, proof of concept
SHA-256 | 22ac20b59483601b9077fb4862bb70d8f034648a969c478415328a8d85326aca
Gemalto Java Card SE-2019-01 Issue 34
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.

tags | advisory, java, vulnerability
SHA-256 | 67d6d552ce4c167529c7cd84de0d0be125a4bdc6728dcd0cc31fb219c9d4011d
Gemalto Java Card SE-2019-01 Issues 19 And 33
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.

tags | advisory, java, vulnerability
SHA-256 | 32aca3def4a46b63b9c8e018bba1b57b074ab1a278951e26deaa861e0b140b14
Oracle Java Card SE-2019-01 Issues 26-32
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.

tags | advisory, java, vulnerability
SHA-256 | 8d2b759c1b5a470b8d80314d6c5b026ab6eb6c87410e6af99040f73abe993b0f
Oracle Java Card SE-2019-01 Issues 20-25
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.

tags | advisory, java, vulnerability
SHA-256 | 223a793bc15195c628f17c4fc553a3c603a66dd2a1b8dff8b24e298ddc831464
Oracle Java Card SE-2019-01 Issues 1-18
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.

tags | advisory, java, vulnerability
SHA-256 | 6c524db6b0b45d01b1e715bfb97219d0ab2f4adb4b4e678d3b24918baa34d69e
Java Card VM Memory Safety
Posted Mar 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.

tags | advisory, java, vulnerability, code execution
SHA-256 | 13a1c021f386ea8562db371d87447e51b75f82035a8868806f76394eb2c78f11
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Feb 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.

tags | exploit, overflow, proof of concept
SHA-256 | d213971899e2afa9864a8613af2fd95bc020cf4d68541d24a96d77ad4ad8264c
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Jan 22, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.

tags | exploit, overflow
SHA-256 | 15ea626ba332e60b314c81d0c40ab573322f5d2838ec298bfd26ea8118aa6c19
STMicroelectronics DVB Chipset Reverse Engineering
Posted Jun 8, 2018
Authored by Adam Gowdiak | Site security-explorations.com

This archive holds a 70+ pages long technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.

tags | exploit
SHA-256 | 38bffd3496f315e8460e0c28a7d946b77b455c78115e5b31dff9bc4e92356db9
IBM Java Issue 70 Bad Patch
Posted Apr 12, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5456
SHA-256 | 24180117b921605ffa337bfcd62c889bf47a2e79be4fd3593f12c7031b1258ce
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
SHA-256 | 05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
SHA-256 | 01bc25f8f8df246c49b97afca9f4177773fc93680f8d029f118b41c573555d1f
SE-2014-02 Oracle Errata
Posted Nov 30, 2015
Authored by Adam Gowdiak | Site security-explorations.com

In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.

tags | advisory, java, root
advisories | CVE-2015-4871
SHA-256 | 926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9ea
Java SE 7 Improper Initialization
Posted Oct 22, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.

tags | exploit, proof of concept
systems | linux
SHA-256 | 7df623023a7204002b65855afccec136cda0d1a4a5470f0bb205626f4b1824fe
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
SHA-256 | 2da1fcf5b8f0090fe5d0ec336bb7d93cd663a84c8ff4ad87b305664d9081d629
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close