Tag: CVE
-
Dr. Jekyll and Mr. Hide (Sun & Disclosure)
[This was originally published on the OSVDB blog.] Today just happened to be the right day where I saw the Jekyll and “Hide” of Sun though. A few days ago, |)ruid posted about a Solaris ypupdated vulnerability in which he says it corresponds to CVE-1999-0208 / OSVDB 11517. Given the original vulnerability was published in […]
-
Vulnerability Counts and OSVDB Advocacy
[This was originally published on the OSVDB blog.] CVE just announced reaching 30,000 identifiers which is a pretty scary thing. CVE staff have a good eye for catching vulnerabilities from sources away from the mainstream (e.g. bugtraq) and they have the advantage of being a very widely accepted standard for tracking vulnerabilities. As companies and […]
-
2007 Black Hat / DEF CON
Tuesday, July 31st, 2007 – Black Hat – Day 1 Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves. Rented from Hertz as usual. While I did […]
-
OSVDB Search Tips & Tricks
[This was originally published on the OSVDB blog.] I should have started a series of these posts long ago. One of the more frustrating parts of most VDBs is the lack of a helpful search function. Searching for some products (SharePoint) is easy enough, as the name is distinct and not likely to find many […]
-
CVE Commentary
[This was originally published on the OSVDB blog.] http://cve.mitre.org/cve/edcommentary.html#community_issues CVE editor Steven Christey has begun to post commentary related to CVE and VDBs. [2013-07-07 Update: This effort didn’t last long. The last update was 2006-02-16, 4 days after this blog post. =(]
-
Insert a classy pun.
[This was originally published on the OSVDB blog.] This entry should have been published days ago. On top of being overly busy and spread thin, I ran into a big problem related to finding a reference I wanted to include, which will lead to this being a little more ranty than intended. How is it […]
-
Rare case where being unprofessional is justified?
[This was originally published on the OSVDB blog.] I think I may have found it. Claus Assmann (no no, too easy) of sendmail.org recently said some words to the CVE team regarding a recent Sendmail DoS. Look at the words and think about it: BTW: it would be nice if your process of creating a […]
-
The Upside to the Provenance Problem
[This was originally published on the OSVDB blog.] As mentioned before, Christey of CVE mentions an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability Databases (VDBs) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from […]
-
State of vulnerability research?
[This was originally published on the OSVDB blog.] Steve Christey of CVE has posted to several lists asking What is the state of vulnerability research? Before you dismiss the question, give it serious thought for a few minutes. Have any ideas, opinions or concerns about where vuln research is heading? Where it should be? Drop […]
-
Perl Format Strings
[This was originally published on the OSVDB blog.] Dyad Security announced a new vulnerability in the Webmin miniserv.pl web server component. The perl is vulnerable to a format string bug, which is mostly unseen in perl and quite common in C programs. The post calls this “a new class of exploitable (remote code) perl […]