No Picture

CVE-2015-0235

2015-02-04 ILHA CHO 0

<pre> #include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #define CANARY "in_the_coal_mine" struct {   char buffer[1024];   char canary[sizeof(CANARY)]; } temp = { "buffer", CANARY }; int main(void) {   struct hostent resbuf;   struct hostent *result;   int herrno;   int retval;   /*** strlen (name) = size_needed – sizeof (*host_addr) – sizeof (*h_addr_ptrs) – 1; ***/   size_t len = sizeof(temp.buffer) – 16*sizeof(unsigned char) – 2*sizeof(char *) – 1;   char name[sizeof(temp.buffer)];   memset(name, ‘0’, len);   name[len] = ‘\0’;   retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);   if (strcmp(temp.canary, CANARY) != 0) {     puts("vulnerable");     exit(EXIT_SUCCESS);   }   if (retval == ERANGE) {     puts("not vulnerable");     exit(EXIT_SUCCESS);   }   puts("should not happen");   exit(EXIT_FAILURE); } </pre>

No Picture

January 2015 Updates

2015-01-14 ILHA CHO 0

Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows. We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here. We re-released one Security Bulletin: MS14-080 Cumulative Security Update for Internet Explorer One Security Advisory was revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse. MSRC Team Source: ms-msrc

No Picture

A Call for Better Coordinated Vulnerability Disclosure

2015-01-12 ILHA CHO 0

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere.  Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play – strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we’ll save those topics for another day).      With all that is [ more… ]

No Picture

Evolving Microsoft's Advance Notification Service in 2015

2015-01-09 ILHA CHO 0

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context. We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information [ more… ]

No Picture

그누보드 bbs/list.php 개선방안

2014-12-22 ILHA CHO 0

출처 : 정확한 출처는 확인이 안되고 neojzs 라는 분이 그누보드 커뮤니티에 올리 신 것으로 추정됨 파일명 : bbs/list.php // 원글만 얻는다. (코멘트의 내용도 검색하기 위함) $sql = ”select distinct wr_parent from $write_table where $sql_search”; $result = sql_query($sql); $total_count = mysql_num_rows($result); // neojzs 최적화 : 20080621 // 원글만 얻는다. (코멘트의 내용도 검색하기 위함) $sql= ”select count(distinct wr_parent) as cnt from $write_table where $sql_search”; $row = sql_fetch($sql); $total_count = $row[cnt];