Jump to content

Search the Community

Showing results for tags 'apr'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. QuoVadis

    Idei pret?

    Voi cat ati cere (realistic!) de pus bannere pe un site de nisa IT/tech cu majoritatea vizitatorilor din UK? Statistica 27 Apr 2014 - 27 Apr 2015 aici:
  2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ## Advisory Information Title: FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415) Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc Date published: 2015-04-07 Vendors contacted: FreeBSD Release mode: Coordinated release ## Product Description FreeBSD is a UNIX-like operating system. ## Vulnerability Summary FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. ## Details By default, the encryption key file is /boot/encryption.key. Instead of being 0600, the permissions are 0644: $ ls -la /boot/encryption.key - -rw-r--r-- 1 root wheel 4096 Feb 17 15:16 /boot/encryption.key $ This file is readable by a local user. ## Vendor Response According to the vendor, a security advisory will be published, describing the problem and the solution. It concerns: - stable/10, 10.1-STABLE - releng/10.1, 10.1-RELEASE-p8 - releng/10.0, 10.0-RELEASE-p18 ## Report Timeline * Mar 01, 2015: Problem found by Pierre Kim * Apr 01, 2015: Vendor is notified of the vulnerability * Apr 01, 2015: Vendor confirms report and indicates a fix is prepared but there will be no security advisory format notification because of the nature of the problem * Apr 02, 2015: Pierre Kim asks a CVE number to the vendor * Apr 02, 2015: Vendor indicates to use CVE-2015-1415 and confirms that a signed notification to the mailing lists will be sent. * Apr 03, 2015: Pierre Kim contacts FreeBSD about the future notification * Apr 04, 2015: Vendor confirms a security advisory will be published next week * Apr 07, 2015: Vendor publishes a security advisory (FreeBSD-SA-15:08) * Apt 07, 2015: This advisory is sent to bugtraq@ ## Credit This vulnerability was found by Pierre Kim (@PierreKimSec). ## References https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc ## Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVJF22AAoJEMQ+Dtp9ky28NDgP/iW9YALiZKLPVhnShFEhFO4C SvSza1s7LJkhtOH8qOGplzTrn8wSV5BNhwzMaIaKpksP5RjoCkynxvAw/OncazPl tsfHM89m7bQ4puyXF3eb6lMkfaIkxoDAXM5R5DFb2Q+3wg4SDygdM7+BQEdqCXDV 2B+ZNGae2CcsqLq04zjskFgY2bwqNMyX3GbbmUJvVI5IXQIS30e1lVIq8zxcK7u0 lKFlVyp+gdyusenPz0lCqR82Pe1IA3tHuNn2zw3/EudT4VhD789/t/0lEWlSyNg7 uiTCqFpQXnpEnvXEez1gZiDuNccIMXXYv0agB+/mYkkoviQPk5jqCwI5rvs+ppFU IH0gAafqS/UIl5+/dhDdIVDA4+r4WWLUxJfFkDy4ThCQHZtZMCsBYk3/RNJBPDUW JiVZWV8LSSHtYfWj7YoiCswuC9FLp6CT9e+/XQUJjpNrwfpeT5KlFOCFUKQXwV6W 5nUJnQhjVfrXVjeRuOvMCInSwG8DWbfyX75QMmJNyV7aPMrS2prRXbOlTLuQUyzP cJkmToeO4XE4COV+jvtC+c39Booy3r8yp3lfHmz1NXffiv6Ua+11vLamUeYOVPew r4TmionPpSeAx3ODhKEKGjW+HIkl9sx3WcSnEBl88Aqd3Zv77G3ok4usFz4PvPnb /hnH/lhpePtv13jyZpXc =pOPH -----END PGP SIGNATURE----- Source
×
×
  • Create New...