what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Gerardo Richarte

Core Security Technologies Advisory 2007.0930

Posted Feb 25, 2008

Authored by Core Security Technologies, Gerardo Richarte | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it. Proof of concept code included.

tags | exploit, proof of concept

advisories | CVE-2008-0923

SHA-256 | 68b271fbfbeed0f3bae80dc9ec60d6899f7aca244beef0090f1c0a0c97ce10b8

Download | Favorite | View

Core Security Technologies Advisory 2007.0928

Posted Oct 11, 2007

Authored by Core Security Technologies, Gerardo Richarte, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability found in OpenBSD's dhcpd allows attackers on the local network to remotely cause the DHCP server to corrupt its process memory and crash; or continue functioning erratically thus denying service to all DHCP clients on the network and, if PF updates are in use, potentially affecting egress/ingress filtering as well. OpenBSD 4.0, 4.1, and 4.2 are affected.

tags | advisory, local

systems | openbsd

advisories | CVE-2007-0063

SHA-256 | cc127679daebed5635aaa505605a453c6446720485c7a6f386cb9d149b3fdbbc

Download | Favorite | View

Core Security Technologies Advisory 2007.0219

Posted Mar 14, 2007

Authored by Core Security Technologies, Gerardo Richarte, Alfredo Ortega, Mario Vilas | Site coresecurity.com

Core Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.

tags | exploit, remote, denial of service, arbitrary, kernel, proof of concept

systems | openbsd

advisories | CVE-2007-1365

SHA-256 | 2d5d5651f3ce213312cb165a62fc0f511f0b8d1488dfffa7ab49170738c88652

Download | Favorite | View

Core Security Technologies Advisory 2007.0115

Posted Mar 8, 2007

Authored by Core Security Technologies, Gerardo Richarte | Site coresecurity.com

Core Security Technologies Advisory - GnuPG and GnuPG clients suffer from an unsigned data injection vulnerability.

tags | advisory

advisories | CVE-2007-1263, CVE-2007-1264, CVE-2007-1265, CVE-2007-1266, CVE-2007-1267, CVE-2007-1268, CVE-2007-1269

SHA-256 | 105bc292cde7181a51838486efb114fc2b42ca52c8eb7401d9334c18e0c47625

Download | Favorite | View

mailslot.txt

Posted Aug 27, 2006

Authored by Gerardo Richarte

Full write up discussing the Mailslot bug discussed in MS06-035 and another bug discovered alongside of it.

tags | advisory

advisories | CVE-2006-3942

SHA-256 | 37799790f311e5fe10057f6ffd957cdcaf20e6282be1505a9bad9655596797ba

Download | Favorite | View