Feb 16 18

tuxOh no! google engineers discovered a stack-based buffer overflow vulnerability in the getaddrinfo() library function in the DNS resolver, shipped with glibc versions since 2.9, which may allow a remote attacker to execute arbitrary code.

written by d45id \\ tags: , , , , , ,

Feb 16 11

Engineers from exodus intelligence demonstrated an awesome undocumented feature in Cisco Adaptive Security Appliance (ASA), remote code execution via UDP. This feature is implemented in the Cisco IKE feature set. The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data.

Find out more:

written by d45id \\ tags: , , , , , , ,