Rodrigo Rubira Branco (BSDaemon)

Navigation

News
Projects
Docs
Pictures
Advisories
Exploits (49)
LSM
Books
Movies
Blog
Fun
Shellcodes
About
Future

Friends

RISE Security
Priv8Security
M00
DSR
RFDS Labs
THC
Hack in The Box Conference
Troopers
Hackito
uCon Conference
Metasploit Project

RISE Security

I'm member of RISE Security

"There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies."
-- C.A.R. Hoare

"I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone."
-- Bjarne Stroustrup

Hackers 2 Hackers Conference

I'm one of the organizers of the Hackers 2 Hackers Conference, in Brazil... this is the 21 edition: http://www.h2hc.com.br

Advisories

Solaris X.Org Memory Corruption Vulnerability (CVE-2012-1699)> - Oracle Advisory here
Apple Quicktime Memory Corruption Vulnerability that lead to code execution (CVE-2012-0671)
Multiple Memory Corruption Vulnerabilities that lead to code execution in Shockwave Player (CVE-2012-2029, CVE-2012-2030, CVE-2012-2031)
Multiple Memory Corruption Vulnerabilities that lead to code execution in Shockwave Player (CVE-2011-2115)
Memory Corruption Vulnerability that leads to code execution in Adobe Reader (including X) (CVE-2011-2098)

Check Point Advisories

Microsoft Office Excel Memory corruption Vulnerability - CVE-2011-0104 - MS11-021
Recaptcha WordPress Pluging Cross Site Vulnerability (XSS) - CVE-2011-0759
Related Posts WordPress Pluging Cross Site Vulnerability (XSS) - CVE-2011-0760
LiveZilla Cross Site Scripting Vulnerability - CVE-2010-4276
Apple Quicktime Memory Corruption - CVE-2010-3801
Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277
Radius Manager Multiple Cross Site Scripting (XSS) Vulnerabilities - CVE-2010-4275
Apple Directory Services Vulnerabilities - CVE-2010-1840
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-4086
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-4087
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-4088
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-4089
cForms WordPress Plugin Cross Site Script Vulnerabilities - CVE-2010-3977
Spree e-commerce JSON Hijacking Multiple Vulnerabilities - CVE-2010-3978
Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331
Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2864
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2881
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2869
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2868
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2880
Memory Corruption Vulnerability in Adobe Shockwave - CVE-2010-2882
Apple Preview Memory Corruption Vulnerability - CVE-2010-1801
Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903
RPC.ttdbserver Heap Overflow - Affecting IBM/AIX, HP-UX, Oracle's Sun Solaris - CVE-2010-0083
GhostScript Stack Overflow - CVE-2010-1869
RPC.pcnfsd Remote Format String - Affecting IBM/AIX, HP-UX, SGI/Irix - CVE-2010-1039

ZDI released my vulnerability in Calendar Manager (affecting HP-UX, AIX and Solaris) - CVE-2010-4435 - The code to trigger the vulnerability is here

iDefense released my vulnerability in RPC.cmsd (affecting AIX and VIOS) - The code to trigger the vulnerability is here

Works with other friends

I found several vulnerabilities in OProfile 'jited' source for IBM, here are the mails about it (an IBM developer coded the patch):
Original
Reply 1
Reply 2
Reply 3
The patch itself

FreeBSD/NetBSD/TrustedBSD*/DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- A patch for this issue

RISE Security Advisories

Linux eCryptfs parse_tag_3_packet Encrypted Key buffer overflow vulnerability

Linux eCryptfs parse_tag_11_packet Literal Data buffer overflow vulnerability

ToolTalk rpc.ttdbserver _tt_internal_realpath buffer overflow vulnerability

Sun Solstice AdminSuite sadmin adm_build_path() buffer overflow vulnerability

Apple MacOS X 10.4.x Kernel i386_set_ldt() Integer Overflow

Firebird Relational Database Multiple Buffer Overflws

Borland Interbase Multiple Buffer Overflows

Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability

FreeBSD 5.x Kernel Integer Overflow Vulnerability
- A patch for this issue
- Securityfocus (bugtraq) link

X11R6 XKeyoard extension strcmp() buffer overflow vulnerability - Original sun advisorie crediting us

Priv8 Security Advisories

LCDProc Advisorie 1

LCDProc Exploit 1

LCDProc Advisorie 2

LCDProc Exploit 2

Mandrake 9.0 multiple suid binaries vulnerabilities Advisory

escputil exploit

mtink exploit

ml85p exploit

kon exploit

Gnome Batalla Naval Advisory

Remote exploit for Borland Interbase 7.1 SP 2 and lower

AppleFileServer Remote Root Overflow Exploit

MacOSX DirectoryService local root exploit

priv8atari800.pl

priv8elog.pl

Gnome Batalla Naval Exploit

priv8lc.pl

Xlock Vulnerability

Halflife Remote Vulnerability (together with UHAGR group)

Stunnel Vulnerability

CD Record Vulnerability

Seed Security Advisories

GNU Mailutils imap4d Format String Vulnerability Metasploit Module

Apple report given the credits for the bug discovery to seedsecurity and iDefense

Advisories/Exploits with acknowledges to me

m00 archive has the 0w http exploit with target added by me to debian systems Click here for a local version

TCP/IP Stack Vulnerability

OSU HTTP for OpenVMS information disclousure - Acknowledges to risesecurtiy.org

:: copyleft 2004-2024 - Rodrigo Rubira Branco (BSDaemon) ::