SEARCH RESULTS
 
Showing 1-10 of 12 records
 
Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
...HeapSetInformation correctly. In short there's an option when calling this function that will terminate your application if the heap manager detects some form of heap corruption, or the potential to cause heap corruption. I would recommend you read the previous post before continuing. You guessed it, the number one email I got after this post...
 
 
 
 
 
Cisco warns of Unified Communications Manager heap overflow flaw

2008-01-16 00:00:00 by Linda Leung in Network World on Security
 
Cisco has released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code
 
 
 
 
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...heap settings on all processes launched from the mini-debugger. As a general rule, all exceptions must be triaged (reviewed) by the tester to determine if a bug needs to be filed. When fuzzing over a period of time however, we might generate hundreds of exceptions and it becomes a very labor-intensive process to sift through all of them. What...
 
 
 
 
 
Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...heap-based buffer overflow gunzip. In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is decompressed. A lot of programs will automatically pass compressed data through gunzip, making it an interesting attack. The key parts...
 
 
 
 
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...heap buffers. There is a very high probability that the SDL would catch this because lstrcpy (and all its evil brethren) are on the Banned API list. We have seen bugs that do not affect Windows Vista because of banned API removal, one such example is MS06-078 in Windows Media Player. The SDL's Banned API removal requirement has proven to be...
 
 
 
 
 
Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills,

2008-02-14 18:37:50 by HASH0x8ba57a0 in Blue Box: The VoIP Security Podcast
 
...Heap Overflow Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability coverage in Skype blog and ComputerWorld article GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message coverage in PC World and The Register Voice of VOIPSA : SIP Security slides at ETSI event Voice of VOIPSA : How do you differentiate between...
 
 
 
 
 
What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...heap overflow vulnerability in RealPlayer 11 build 6.0.14.74. It allows for code execution when RealPlayer opens a malicious song file. Timeline: Dec 16, 2007: Gleg customers notified of vulnerability and given exploit code. Jan 1, 2008: Public disclosure (no details) with online demonstration. Feb 6, 2008: Vulnerability still not patched. It's not...
 
 
 
 
 
Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills,

2008-02-14 19:37:49 by Dan York in Blue Box: The VoIP Security Podcast
 
...Heap Overflow Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability coverage in Skype blog and ComputerWorld article GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message coverage in PC World and The Register Voice of VOIPSA : SIP Security slides at ETSI event Voice of VOIPSA : How do you differentiate...
 
 
 
 
 
3Com, Bain, Huawei rises from the dead - Where there is a will, there is a way

2008-02-29 19:53:35 by HASH0x8ae8b00 in StillSecure, After All These Years
...heap of trouble. What options do they have? Without bringing politics into the equation, I think a healthy 3Com that can compete with Cisco is important. Taking Tipping Point out of the equation, I don't see what should hold this deal up. I think it will be best for a healthy competitive networking gear marketplace. The current near monopoly...