Can you spot the security bug?
mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
{
    struct context *sctx = (struct context*)smfi_getpriv(ctx);
    SpamAssassin* assassin = sctx->assassin;
    FILE *p;
#if defined(__FreeBSD__)
    int rv;
#endif
    debug(D_FUNC, "mlfi_envrcpt: enter");
    if (flag_expand)
    {
        /* open a pipe to sendmail so we can do addressexpansion */
        char buf[1024];
        char *fmt="%s -bv \"%s\" 2>&1";
#if defined(HAVE_SNPRINTF)
        snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
#else
        sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
#endif
        debug(D_RCPT, "calling %s", buf);
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
        rv = pthread_mutex_lock(&popen_mutex);
        if (rv)
        {
            debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
            abort();
        }
#endif
        p = popen(buf, "r");
        if (!p)
        {
            debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
            assassin->expandedrcpt.push_back(envrcpt[0]);
xanda IT Related Bugtraq ID 38578, exploit, remote, SpamAssassin
Nice write-up by Michael “theprez98” Schearer

Get the PDF file
HERE
xanda IT Related addons, exploit, firefox, hacking, metasploit, web, web based
Quick update
Here is my short update. I was playing around with the ‘nice’ modem and I found 2 vulnerabilities:
1) Remote code execution
2) DoS
Tested on Firmware Version : 2.10.5.0(UE0.C2C)3.7.6.1
I’m looking forward to playing around with Riger Corporation’s modem that came with the “Enhanced by TM R&D Malaysia” label on it.
xanda IT Related 0day, billion, exploit, malaysia, modem, remote, riger, router, telekom, TM
:: Quick update ::
Today, I’ve been working on a video on the Aurora IE 0day exploit PoC that really mimics the original Aurora exploit on Google.
However, the original exploit is gonna fail if you enable DEP on the machine.
A few minutes back, someone pinged me and informed me of a new PoC that is gonna bypass DEP. If true, enabling DEP won’t protect IE users anymore.
But you are still safe if you disable Active Script / JavaScript support for your IE.
Here is how you can disable Active Script / JavaScript support in your IE: http://www.mycert.org.my/en/services/advisories/mycert/2010/main/detail/724/index.html
xanda IT Related 0day, aurora, CVE-2010-0249, DEP, exploit, IE, internet explorer, vista, windows, windows 7, xp

I was reading my RSS feed and suddenly found this PDF sample. We found PDF-JS obfuscation with this.info.title last week, and this time comes another trick: using hexadecimal in defining the filter.
The following line was found in one of the streams:
</Length 0000000/Filter/#41#53#43#49#49#38#35#44#65#63#6f#64#65>>
Once converted from hex to ASCII, here is what I found:
</Length 0000000/Filter/ASCII85Decode>>
Yeah.. nothing much, but yes, the sample will be passed to Azizan for enhancement of Analyz3r.
xanda IT Related analyz3r, client side, exploit, filter, hex, pdf
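The hex-escaped filter name shown in the PDF post above can be caught by normalising name tokens before matching on them. The following is an added example, not code from the original post or from Analyz3r: it decodes `#xx` escapes in PDF names and flags names that escape characters which need no escaping. The function names and the second sample line are constructed for illustration.

```python
import re

# A name token runs from "/" to the next PDF whitespace or delimiter byte.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
DELIMITERS = b"()<>[]{}/%#"
# Standard stream filter names from the PDF specification.
FILTERS = {b"ASCIIHexDecode", b"ASCII85Decode", b"LZWDecode", b"FlateDecode",
           b"RunLengthDecode", b"CCITTFaxDecode", b"JBIG2Decode", b"DCTDecode",
           b"JPXDecode", b"Crypt"}

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a name token (leading slash already removed)."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def needless_escapes(raw: bytes) -> int:
    """Count #xx escapes that encode a printable, non-delimiter character."""
    values = (int(m.group(1), 16) for m in HEX_ESC.finditer(raw))
    return sum(1 for v in values if 0x21 <= v <= 0x7E and v not in DELIMITERS)

def scan_names(data: bytes) -> list:
    """Return a finding for each name that hex-escapes ordinary characters."""
    findings = []
    for m in NAME_RE.finditer(data):
        raw = m.group(1)
        count = needless_escapes(raw)
        if count:
            decoded = decode_name(raw)
            findings.append({"offset": m.start(), "raw": raw, "decoded": decoded,
                             "needless": count, "is_filter": decoded in FILTERS})
    return findings

# First line is the one quoted in the post; the second is constructed and uses
# a legitimate escape (#20 is a space, which cannot appear unescaped in a name).
SAMPLE = (b"</Length 0000000/Filter/#41#53#43#49#49#38#35#44#65#63#6f#64#65>>\n"
          b"<</Type/Font/BaseFont/Lime#20Green>>\n")

if __name__ == "__main__":
    for finding in scan_names(SAMPLE):
        print(finding)
```

Run over raw file bytes, this also matches slash sequences inside binary stream data, so findings outside dictionaries should be treated as noise. Dictionaries stored in compressed object streams are only visible after those streams are decompressed.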