Welcome to trapkit.de. This is my little forum where you can have a look at some of my bug findings, (upcoming) security advisories, books, papers and research projects.
See also my blog and my 
account for random thoughts on security vulnerabilities, exploiting and segfault stories.
.ιl Bug Hunting:
Published Security
|
Patch Development
|
Upcoming Security
|
.ιl Current news feed:
Tuesday, February 2, 2010
Apple iPhone OS and Mac OS X Security Advisory
Apple released security updates for iPhone OS and Mac OS X that fix a stack buffer overflow vulnerability I found in CoreAudio.
More information:
► Advisory (TKADV2010-002) ► Related blog entry
Sunday, January 31, 2010
Oracle Solaris Kernel Security Advisory
Oracle released an updated version of their kernel for Solaris 10 and OpenSolaris. The update fixes a NULL pointer dereference I found in the Solaris kernel.
More information:
► Advisory (TKADV2010-001) ► Related blog entry
Sunday, December 27, 2009
New version of checksec.sh
I released a new version of checksec.sh. This script is designed to test what standard Linux OS security features are being used.
More information:
Wednesday, September 09, 2009
Apple iPhone OS AudioCodecs Heap Buffer Overflow
Apple released an updated version of their iPhone OS. The update fixes a heap buffer overflow vulnerability I found in the AudioCodecs library of iPhone OS < 3.1 and iPhone OS < 3.1.1 for iPod touch.
More information:
► Advisory (TKADV2009-007) ► Related blog entry
Saturday, May 16, 2009
libsndfile/Winamp Security Advisory
The libsndfile maintainers released an updated version of their multimedia library. The update fixes a heap buffer overflow vulnerability I found in the VOC (Creative Voice) demuxer. As libsndfile is used by Winamp (and other software projects) this popular media player is also affected by this vulnerability.
More information:
► Advisory (TKADV2009-006) ► Related blog entry
Saturday, April 4, 2009
xine-lib Security Advisory
The xine-lib maintainers released an updated version of their multimedia library. The update fixes an integer overflow vulnerability I found in the Quicktime demuxer.
More information:
► Advisory (TKADV2009-005) ► Related blog entry
Sunday, February 15, 2009
xine-lib also affected by TKADV2009-004
I updated TKADV2009-004 as xine-lib < version 1.1.16.2 is also affected by a variant of the bug described in the advisory.
More information:
► Updated Advisory (TKADV2009-004) ► Related blog entry
Wednesday, January 28, 2009
FFmpeg Security Advisory
Today the FFmpeg maintainers released an updated version of their multimedia framework. The update fixes a type conversion vulnerability I found in FFmpeg.
More information:
► Advisory (TKADV2009-004) ► Related blog entry
Thursday, January 22, 2009
GStreamer Security Advisory
Today the GStreamer maintainers released an updated version of their multimedia framework. The update fixes some Heap Buffer Overflows and an Array Index Out of Bounds vulnerability I found in GStreamer.
More information:
► Advisory (TKADV2009-003) ► Related blog entry
Sunday, January 11, 2009
Amarok Security Advisory
Today the Amarok maintainers released an updated version of their media player. The update fixes some Integer Overflow and Unchecked Allocation vulnerabilities I found in Amarok.
More information:
► Advisory (TKADV2009-002) ► Related blog entry
Sunday, January 11, 2009
Sun Solaris Kernel Security Advisory
Sun released an updated version of their kernel for Sun Solaris 8, 9, 10 and OpenSolaris. The update fixes an Integer Overflow vulnerability I found in the Sun Solaris kernel.
More information:
► Advisory (TKADV2009-001) ► Exploitability
