Musings on Information Security: October 2009

skip to main | skip to sidebar

_ Where facts are few, experts are many

Home
Advisories
Daily News Paper
About Me
Contact
Subscribe RSS

Computer Associates multiple products - RCE

[Tuesday, October 13, 2009 | 0 comments ]

Subscribe to the RSS feed in case you are interested in updates

I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation and feedback.

I published the advisory @G-SEC

Links to this post

Home

About Me

Thierry Zoller: Welcome to my personal Blog - I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as an EMEA Practice Lead at Verizon Business for Threat and Vulnerability Management based in Luxembourg.

Quick-links
▪ My vulnerability disclosure policy
▪ About me / Profile
▪ Tools / Talks / Whitepapers
▪ Contact Me

The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.

View my complete profile

Follow by Email

Cluster Map

Popular Posts

IIS 6 / IIS 5 / IIS 5.1+ Webdav auth bypass [Final]

Table of Contents Updates Bulletins Am I at risk ? Tools Technical details 0.1 Personal message Several news stories seem to allu...
PCI compliance, Security in isolated systems and Parking Tellers

A colleague of mine spotted the below while we were doing our expenses - The photograph below shows two separate receipts from two parking ...
CVE-2010-x+n - Loadlibrary/Getprocaddress roars its evil head in 2010

Subscribe to the RSS feed in case you are interested in updates After Acrossecurity , published an interesting vulnerability and HDmoo...
The BEAST summary - TLS, CBC, Countermeasures (Update 4)

Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Duong ...
CVE-2010-2568 - LNK Code execution - Proof of concept (Update)

Subscribe to the RSS feed in case you are interested in updates Ivanlef0u released a POC for the exploit used in targeted attacks : http...

Twitter Updates

Blogs I read

Metasploit

"Pass the hash" with Nexpose and Metasploit - I am proud to announce that Nexpose 5.1.0 now supports "pass the hash", a technique to remotely authenticate against a Windows machine (or any SMB/CIFS s...
6 hours ago
Leblanc

Blog Post: Windows Azure Troubleshooting - Taking specific Windows Azure Instance offline -
9 hours ago
Schneier on Security

Password Sharing Among American Teenagers - Interesting article from the *New York Times* on password sharing as a show of affection. "It's a sign of trust," Tiffany Carandang, a high school senior...
14 hours ago
Securosis Highlights

Friday Summary: January 27, 2012 - This is the Securosis Friday Summary. For those of you who don’t know this is where Rich and I vent. When I started working with Rich I used to loathe wr...
20 hours ago
IBM Internet Security Systems Frequency X Blog

CVE-2012-0003 Exploited in the Wild -
1 day ago
Ma petite parcelle d'Internet...

De la fermeture de Megaupload... - L a fermeture par le FBI de Megaupload la semaine dernière a eu l'effet d'une bombe. Pas un média, tout support confondu, n'a pu se retenir d'en parler. Mê...
1 day ago
Troy Hunt

.NET Rocks talks security with Carl, Richard and Troy - Yep, *this *Troy! Right at the tail end of my Christmas holidays a couple of weeks back I had the pleasure of having a great chat with these guys: [image...
3 days ago
Cognitive Dissidents

Nomination for Most Educational Blog - It’s an honor just to be nominated. A few weeks ago, the nominations for the 2012 Social Security Bloggers Awards came out. Given how spanky new this blog ...
4 days ago
root labs rdist

More on the evolution of password security - Last time, we covered three factors that affect actual security of a password: Entropy — How many possibilities does the attacker need to consider? Guess r...
1 week ago
VRT

A New Hope - Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) know a secret: The Federal government is REALLY good at watching people, much better than, say...
3 weeks ago
/dev/ttyS0

Reaver Now Goes to 11 - The decision has been made to open source the Reaver command line tool. The commercial version will contain the all the features the open source command-li...
3 weeks ago
...And You Will Know me by the Trail of Bits

Pwn2Own Pre-Game - Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses “Bug Hunting and Analysis 0×65” by Aaron Portnoy and ...
1 month ago
Androguard

Virtual Machine for Android Reverse Engineering - Hi !! Now, it's possible to download a virtual machine (for VirtualBox) with all interesting tools around android RE. So you can test directly Androguard, D...
2 months ago
ax330d's blog

Summing up SVG fuzzing in browsers - Hi there. As the title states, this is a summary of SVG fuzzing results. Today I would like to prattle a bit about what I was doing for some 2 weeks in t...
4 months ago
Cup of Security

Remove a Certification Authority from Mac OS X Keychain (UPDATE) - This post is an update (and a translation) of a previous one I published more than a year ago to explain how to remove a Certification Authority (CA) from ...
4 months ago
Nynaeve

NWScript JIT engine: Wrap-up (for now) - Yesterday, I provided a brief performance overview of the MSIL JIT backend versus my implementation of an interpretive VM for various workloads. Today, I’l...
1 year ago

Show 5 Show All

Blogroll

Joe Sandbox
Hack.lu
SVEN
Cup of Security Blog
Heise Security
Korbens Blog
Joebox
Beatrix
Metasploit

Labels

Advisory (52)
Rants from Thierry (19)
Tool (14)
Vulnerabilties (10)
Misc (7)
How-to (6)
Lectures (2)
Whitepaper (2)
zero day (1)

Copyright Musings on Information Security Template by Michael Jubel