Twitter | Pretraživanje | |
Saul Procterm
Stuff and whatnot.
38
Tweetovi
12
Pratim
137
Osobe koje vas prate
Tweetovi
Saul Procterm 28. sij
Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 11. pro
Qualys Security Advisory Team: Local Privilege Escalation in OpenBSD's loader (, CVE-2019-19726). Getting root on default install (i386/amd64), by tweaking the environment variables. Exploit and more details at:
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 8. pro
Odgovor korisniku/ci @gggeek
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 4. pro
Qualys Security Advisory: Authentication vulnerabilities in OpenBSD's auth system (CVE-2019-19521). LPE on default install via xlock (CVE-2019-19520) and su (CVE-2019-19519). Local root if S/Key or yubikey is enabled (CVE-2019-19522). More details at
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 6. ruj
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 6. lip
Odgovor korisniku/ci @pozdnychev
Qualys Security Advisory Team: "The return of the WIZard", now the full advisory (CVE-2019-10149) is available at
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 6. lip
Odgovor korisniku/ci @grsecurity
You're absolutely right, it's on another level. I was more concerned by the 280 char limit than the tweet content.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 5. lip
Qualys Security Advisory Team: "The return of the WIZard" (CVE-2019-10149). Instant LPE in Exim (4.87 to 4.91). Seven days to trigger a RCE. No memory corruption or ROP involved. Bypass NX/ASLR/SSP/PIE/full RELRO/etc. Architecture independent. More at
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 10. svi
Odgovor korisniku/ci @pozdnychev
More details given here:
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 9. svi
Odgovor korisniku/ci @pozdnychev
If your distribution is pretty close to the ones mentioned above, you might want to edit target.c and change the md5sum to give a shot. It should take, as the advisories says, about 10min on i386 and 70+min on amd64, with a quite big variance.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 9. svi
Qualys Security Advisory Team: "System Down" (systemd-journald) exploit for CVE-2018-16865 and CVE-2018-16866 is released. It should work at least on Debian Stretch (i386/amd64), Ubuntu 18.04.1 (amd64) and CentOS 7.5 (amd64). More at
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 9. sij 2019.
Odgovor korisniku/ci @pozdnychev
s/memory leak/information leak/.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 9. sij 2019.
Qualys Security Advisory team: "System Down: a systemd-journald exploit". Memory corruptions (CVE-2018-1686{4,5}) and one memory leak (CVE-2018-16866) in systemd. LPE on most Linux distros (except those compiled with -fstack-clash-protection). Details at
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 25. ruj 2018.
Qualys Security Advisory Team - Mutagen Astronomy: Integer overflow in Linux's create_elf_tables(), CVE-2018-14634. LPE (full root) from a suid-root binary. RHEL, CentOS and Debian 8 are vulnerable. Advisory, PoC and exploit at:
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 27. kol 2018.
Qualys Security Advisory Team: another OpenSSH "user enumeration". From OpenSSH 5.9 to 7.8 (august 24th, 2018). "PoC" (well, a 2-liners) provided. More details on
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 23. kol 2018.
Odgovor korisniku/ci @i0n1c @qualys @Sekurak
Just read the e-mail sent to oss-sec:
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 15. kol 2018.
Qualys Security Advisory Team: OpenSSH Username Enumeration, in all versions (Linux, *BSD, ...) since november 2000. Fixed in 7.8p1 but not tagged as a security issue. More details in
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 3. lip 2018.
Odgovor korisniku/ci @pawel_lukasik @LiveOverflow
pwndbg... when the installation is not f*cked up.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 17. svi 2018.
Qualys Security Advisory team: Procps-ng audit; 127 proposed patches, from minor bugs to security ones; 7 CVEs; 2 Denials of service; One process-hiding method; 2 LPEs; Userland vulnerability leading to escape from a container.
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Saul Procterm 13. pro 2017.
Qualys Security Advisory Team: various bugs in iscsiuio,
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Učitaj starije tweetove