CVE-2010-0010: Apache mod_proxy vulnerability
After contacting the Apache security team, I can publish a new advisory. This bug exists only in Apache 1.3, in the mod_proxy module, and only on 64-bit architectures.
I would like to thank Colm MacCárthaigh – the guy responsible for contact with me and for patching this hole.
The bugfix will be available in a forthcoming version of Apache 1.3.x.
If you have any questions, just contact me. The advisory is available here:
30 Dec
This will be a very short post… I found (a few months ago) a security vulnerability in an Apache server/module. I contacted the Apache security team. In a few days I will decide about the “future” of this bug – publish, or wait for a security patch and publish after it. Now I can paste here simple output from gdb:
15 Dec
More than a year ago I published an advisory on the ‘mtr’ software. I think, personally, it is a great bug because it can’t exist without an unspecified situation in the libresolv library
The question is: why have I written about it on the blog?
I forgot to add this advisory to my site (sic!)
Now it’s OK and you can find this advisory here.
I attached details and a Proof of Concept to this advisory. If you haven’t read it yet, I strongly recommend that you do, because it shows that sometimes when we read source code we think a bug doesn’t exist, but other external stuff/bugs/unspecified situations help us to trigger and exploit a non-existent bug
6 Dec
Is it a dream? Impossible? Bugs in a CPU? No… it’s reality! A CPU is only a piece of hardware. Everything has bugs… CPUs too. I will give here only a piece of information about bugs in INTEL products…
OK. I haven’t written on the blog for a long time. Today I want to show you what yum can sometimes do without your knowledge. A few days ago I was upgrading one of my systems using yum. Everything looked fine. I was happy that sometimes yum is useful. After work I went to sleep, and the next day I received messages that smth is fu** up with www…
13 Nov
CERN – The European Organization for Nuclear Research…
Now I have more time so I can write something more about my job…
23 Oct
CERN – The European Organization for Nuclear Research…
For the last few weeks I was talking (mailing) with Derek (xpdf developer – btw. a really nice guy) about some vulnerabilities in his product. On the 14th of October he published a patch for the bugs (not only my vulnerabilities), so I decided to release the advisory…
26 Sep
SecDay 2009

Before I start describing my impressions of the conference, I will write a few sentences about the blog you are reading right now
I promised myself (and Icewall :>) that it was finally time to make some mini website of my own. I felt a bit silly that every time I gave a presentation I had to say that my site was not working (and it had been that way for over a year). Well, it finally happened
I bought a domain (even though someone “stole” the one I wanted more :>) and, thanks to the kindness of buz (thanks!), I got to play with the VPS I received from him
Admittedly I cannot change the kernel (sic!), but it still makes (made) working on the site and the blog enormously easier. Still, having your own little server (despite the limitations – VPS) is something else
25 Sep
This is a test post… we are testing the blog and the home page…
