Friday, 20 January 2012

...and the machine grinds on!

I'm open sourcing a portion of my system for browser fuzzing called Grinder. It comprises two main components: many Grinder Nodes are set up to perform the fuzzing of various browsers, while a single Grinder Server collates the results and provides a simple web interface for managing a large number of crashes. A few screenshots should give you the gist of things...



I am, however, not releasing any of my fuzzers :) although a very simple example is included to show how you can begin to write a suitable fuzzer for use with Grinder.

The BSD licensed source code, and installation instructions, can be found on GitHub here: https://github.com/stephenfewer/grinder/

Tuesday, 1 February 2011

HP OpenView Performance Insight Server Backdoor Account Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a remote backdoor account vulnerability which leads to privileged code execution in Hewlett Packard's OpenView Performance Insight Server. HP managed to patch this vulnerability after a lengthy 461 days. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-11-034/

Wednesday, 15 December 2010

Microsoft Internet Explorer Select Element Use After Free Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a use-after-free vulnerability (MS10-090, CVE-2010-3345) in Microsoft Internet Explorer 8. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-288/

And the Microsoft advisory here:
http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx

Wednesday, 13 October 2010

Oracle Java IE Browser Plugin Stack Buffer Overflow Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a stack-based buffer overflow vulnerability (CVE-2010-3552) in Oracle's Java for Internet Explorer. The flaw is found within the JP2IEXP.dll module, which is used by Internet Explorer for managing the Java plugin. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-206/

And the Oracle advisory here:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

This vulnerability was also independently discovered by Berend-Jan Wever, who has written a blog post detailing the vulnerability along with several interesting proof-of-concept exploit modules (specifically iExploit12-DEP.zip), which can be found here.

Wednesday, 6 October 2010

Novell iManager Arbitrary File Upload Remote Code Execution Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a remote pre-authentication arbitrary file upload vulnerability in Novell iManager that leads to arbitrary code execution. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-190/

And the Novell advisory here:
http://www.novell.com/support/viewContent.do?externalId=7006515&sliceId=2