The Stack Clash | Qualys Security Blog
What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys researchers discovered this vulnerability and developed seven exploits and seven proofs of concept for this weakness, then
The Laws of Vulnerabilities: The GHOST Vulnerability | Qualys Community
The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. Qualys security researchers discovered this bug and worked closely with Linux distribution vendors. And as a result of that we are releasing this
SSL 3 is dead, killed by the POODLE attack | Qualys Security Blog
The POODLE Attack (CVE-2014-3566) Update (8 Dec 2014): Some TLS implementations are also vulnerable to the POODLE attack. More information in this follow-up blog post. After more than a week of persistent rumours, yesterday (Oct 14) we finally learned about the new SSL 3 vulnerability everyone was afraid of. The so-called POODLE attack is a problem in the CBC encryption scheme as implemented in th
How to detect NTP Amplification DoS Attacks | Qualys Security Blog
The ntpd program is an operating system daemon that sets and maintains the system time in synchronization with Internet standard time servers. As described in CVE-2013-5211, a denial of service condition can be caused by the use of the “monlist” feature, which is enabled by default on most NTP servers. NTP runs over UDP port 123, and since it’s on a UDP port, the source address can be spoofed easi
RC4 in TLS is Broken: Now What? | Qualys Security Blog
RC4 has long been considered problematic, but until very recently there was no known way to exploit the weaknesses. After the BEAST attack was disclosed in 2011, we—grudgingly—started using RC4 in order to avoid the vulnerable CBC suites in TLS 1.0 and earlier. This caused the usage of RC4 to increase, and some say that it now accounts for about 50% of all TLS traffic. Last week, a group of resear
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Configuring Apache, Nginx, and OpenSSL for Forward Secrecy | Qualys Security Blog
