Wordpress - xorl.wordpress.com - xorl %eax, %eax
General Information:
Latest News:
CVE-2013-3228: Linux kernel IrDA Information Leak 26 May 2013 | 04:18 pm
This is another simple kernel memory information leak fixed by Mathias Krauss. Here is the exact code where this bug is located in net/irda/af_irda.c code. This is a command which is defined as shown ...
CVE-2013-2007: QEMU Guest Agent Insecure File Permissions 26 May 2013 | 04:14 pm
This vulnerability was reported by Laszlo Ersek of Red Hat and it allows guest privilege escalation when started in daemon mode. As he mentioned, QEMU guest agent creates files with incorrect file per...
CVE-2013-1798: Linux kernel KVM IOAPIC_REG_SELECT Invalid Memory Access 24 May 2013 | 12:44 am
This was very nice vulnerability reported by Andrew Honig of Google. The bug is triggered when a user specifies an invalid IOAPIC_REG_SELECT value which is reachable via read KVM I/O device operation ...
CVE-2013-2074: KDE kdelibs Password Exposure 23 May 2013 | 01:47 am
This was a low impact vulnerability reported by m.wege. The issue occurs on “internal server error” and triggers the below code located at kioslave/http/http.cpp. Clearly, error() could be called pass...
CVE-2013-1796: Linux kernel KVM MSR_KVM_SYSTEM_TIME Buffer Overflow 23 May 2013 | 12:15 am
This is a really nice vulnerability killed by Andy Honig. It is particularly interesting because it allows host kernel memory corruption through guest GPA (Guest Physical Address) manipulation. If we ...
CVE-2013-1848: Linux kernel EXT3 ext3_msg() Format String 21 May 2013 | 11:15 pm
Recently Lars-Peter Clausen committed a change on Linux kernel that fixes a format string vulnerability in the EXT3 filesystem code. The susceptible code resides in fs/ext3/super.c but to better under...
C Quiz No. 2 18 May 2013 | 06:44 pm
Continuing from the first one back in 2009, here is another that a friend of mine send me yesterday. The concept is that you are free to put whatever you want in do_your_stuff() in order to make it pr...
CVE-2013-1774: Linux kernel Edgeport USB Serial Converter NULL Pointer Dereference 18 May 2013 | 06:14 pm
This is a vulnerability fixed by Wolfgang Frisch and the buggy code resides in drivers/usb/serial/io_ti.c as you can see below. If the equivalent /dev/ttyUSB device file is in use while the device is ...
CVE-2013-1819: Linux kernel XFS _xfs_buf_find() NULL Pointer Dereference 18 May 2013 | 06:12 pm
On 21 January 2013 Dave Chinner of Red Hat committed a change that fixes a NULL pointer dereference vulnerability in XFS filesystem. The below routine is located in fs/xfs/xfs_buf.c file. First of all...
Book: Absolute OpenBSD (2nd Edition) 18 May 2013 | 04:19 pm
This is an excellent book for OpenBSD I recently had the opportunity to read. Let’s move on to my per chapter overview of the book. Title: Absolute OpenBSD: UNIX for the Practical Paranoid Author: Mic...
