Safari 0day
Posted: May 8th, 2010 | Author: xanda | Filed under: IT Related | Tags: 0day, exploit, safari, window.parent.close() | 1 Comment »I love the smell of Safari 0day in the morning π
I love the smell of Safari 0day in the morning π
Can you spot the security bug? π
mlfi_envrcpt(SMFICTX* ctx, char** envrcpt) { struct context *sctx = (struct context*)smfi_getpriv(ctx); SpamAssassin* assassin = sctx->assassin; FILE *p; #if defined(__FreeBSD__) int rv; #endif debug(D_FUNC, "mlfi_envrcpt: enter"); if (flag_expand) { /* open a pipe to sendmail so we can do addressexpansion */ char buf[1024]; char *fmt="%s -bv \"%s\" 2>&1"; #if defined(HAVE_SNPRINTF) snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]); #else sprintf(buf, fmt, SENDMAIL, envrcpt[0]); #endif debug(D_RCPT, "calling %s", buf); #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ rv = pthread_mutex_lock(&popen_mutex); if (rv) { debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv)); abort(); } #endif p = popen(buf, "r"); if (!p) { debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno)); assassin->expandedrcpt.push_back(envrcpt[0]); |
Nice write up by Michael βtheprez98β Schearer
Quick update
Here is my short update. I was playing around with the ‘nice’ modem and I found 2 vulnerability
1) Remote code execution
2) DoS
Tested on Firmware Version : 2.10.5.0(UE0.C2C)3.7.6.1
I’m looking forward to play around with Riger Corporation’s modem that came with “Enhanced by TM R&D Malaysia” label on it π
:: Quick update ::
Today, I’ve been working on a video on the Aurora IE 0day exploit PoC that really mimics the original Aurora’s exploit on Google.
However, the original exploit gonna fail if you enable DEP on the machine.
A few minutes back, someone ping and inform me on the new PoC that gonna bypass the DEP. If true, enabling DEP wont protect IE users anymore π
But you are still safe if you disable Active Script / JavaScript support for your IE
Here is how you can disable the Active Shit/JavaShit Active Script / JavaScript support in your IE: Advisory