“Two xref tables and two %%EOF“? This alone is not an indication of a malicious PDF file. There can by two or even more instances of each, if the file was generated via the “incremental update” feature. (Each digitally signed PDF file is like that, and each file which was changed in Acrobat and saved … Read more
I think your sscanf example is wrong. It can still overflow when used that way. Try this, which specifies the maximum number of bytes to read: void main(int argc, char **argv) { char buf[256]; sscanf(argv[0], “%255s”, &buf); } Take a look at this IBM dev article about protecting against buffer overflows. In terms of testing, … Read more
The code takes the address of the local variable i to get a pointer into the current stack frame. Then, it aligns the address to 8K page (that is what you do with x & ~8191: 8191 is 2^13 – 1 which means ~8191 is all ones except the low 13 bits, so ANDing it … Read more
The JNDI feature was added into Log4j 2.0-beta9. Log4j 1.x thus does not have the vulnerable code.
When articles talk about parameterized queries stopping SQL attacks they don’t really explain why, it’s often a case of “It does, so don’t ask why” — possibly because they don’t know themselves. A sure sign of a bad educator is one that can’t admit they don’t know something. But I digress. When I say I … Read more
Yes, you can format the console.log() with something like this: console.log(“%cExtra Large Yellow Text with Red Background”, “background: red; color: yellow; font-size: x-large”); Note the %c preceding the text in the first argument and the style specifications in the second argument. The text will look like your example. See Google’s “Styling Console Output with CSS” … Read more
Comment from Damien Miller (OpenSSH developer): http://lwn.net/Articles/340483/ In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks. So, I’m not pursuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts.
A patch has been provided by Oracle for el4 : https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.0.1.el4.src.rpm https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.0.2.el4.src.rpm https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.0.3.el4.src.rpm https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.el4.src.rpm As it is a src RPM, you need to compile then rpmbuild. or use this link to avoid the build http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.1.el4.i386.rpm http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.3.el4.i386.rpm I tested it on a 4.9 i386 system, passed the exploit test I have. (Ted)
The only way to be absolutely certain is to wipe every system clean and to reinstall from scratch. You will also need to audit all of the locally generated software and configurations to ensure that they do not contain backdoors. This is a non trivial task which comes with a non trivial cost. Beyond that … Read more