
{ Category Archives } Advisories

New Advisories: Multiple Vulnerabilities in Geo++(R) GNCASTER

RedTeam Pentesting published three new advisories today. During a pentest, we found security vulnerabilities in the Geo++(R) GNCASTER NTRIP Caster:

RT-SA-2010-001: Insecure handling of long URLs
RT-SA-2010-002: Insecure handling of NMEA-data
RT-SA-2010-003: Faulty implementation of HTTP Digest Authentication

All vulnerabilities have been fixed by the vendor in version 1.4.0.8, so if you happen to run this software, please update [...]


New Advisory: 0wning with Gimp

It’s advisory time again:

RT-SA-2009-005: Papoo CMS: Authenticated Arbitrary Code Execution

This one’s nice because you can do your exploit development in Gimp. The idea is to plant your exploit code (in this case, PHP code) in a file with a valid GIF header and the file extension .php. Papoo CMS only sees the valid GIF header [...]


Advisory Release Policy

When RedTeam finds vulnerabilities in some generally available software, we go the usual way of writing advisories. These findings usually occur during pentests. We of course do not immediately release whatever we found to the public, but go through a process I want to describe in a little bit more detail here. I’m doing [...]


Kernel time – time for patches

Yesterday Linux 2.6.18.3 came out. A quick look into the changelog revealed:

commit c721af6db5992d16fbd93855666eafa616512e00
Author: Adrian Bunk
Date: Wed Nov 15 17:01:46 2006 +0100
[PATCH] security/seclvl.c: fix time wrap (CVE-2005-4352)
initlvl=2 in seclvl gives the guarantee
“Cannot decrement the system time”.
But [...]


Have fun

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

If only one had the matching exploit code at hand now... ;)


Security research

Today we have published three new advisories dealing with pserv (pico server), although we are doing penetration testing heavily at the moment. You can find them at the usual place on our homepage. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-1365, CAN-2005-1366 and CAN-2005-1367 to these issues.


0wn3d by an iPod – now for download

Besides the slides from CanSecWest, we have now put the Linux modified for the iPod to do the FireWire attacks online. Get it here.


Directory traversal in CitrusDB

coming soon


SQL-Injection in CitrusDB

coming soon


Authorization bypass in CitrusDB

coming soon
