Welcome to trapkit.de. This is my little forum where you can have a look at some of my bug findings, (upcoming) security advisories, books, papers and research projects.

See also my blog and my Twitter account account for random thoughts on security vulnerabilities, exploiting and segfault stories.

.ιl Bug Hunting:

Published Security Advisories

Published Security
Advisories

Patch Development Time Statistics

Patch Development
Time Statistics

Upcoming Security Advisories

Upcoming Security
Advisories


.ιl Current news feed:

Tuesday, February 2, 2010

Apple iPhone OS and Mac OS X Security Advisory

Apple released security updates for iPhone OS and Mac OS X that fix a stack buffer overflow vulnerability I found in CoreAudio.

More information:

Advisory (TKADV2010-002)Related blog entry


Sunday, January 31, 2010

Oracle Solaris Kernel Security Advisory

Oracle released an updated version of their kernel for Solaris 10 and OpenSolaris. The update fixes a NULL pointer dereference I found in the Solaris kernel.

More information:

Advisory (TKADV2010-001)Related blog entry


Sunday, December 27, 2009

New version of checksec.sh

I released a new version of checksec.sh. This script is designed to test what standard Linux OS security features are being used.

More information:

Click here


Wednesday, September 09, 2009

Apple iPhone OS AudioCodecs Heap Buffer Overflow

Apple released an updated version of their iPhone OS. The update fixes a heap buffer overflow vulnerability I found in the AudioCodecs library of iPhone OS < 3.1 and iPhone OS < 3.1.1 for iPod touch.

More information:

Advisory (TKADV2009-007)Related blog entry


Saturday, May 16, 2009

libsndfile/Winamp Security Advisory

The libsndfile maintainers released an updated version of their multimedia library. The update fixes a heap buffer overflow vulnerability I found in the VOC (Creative Voice) demuxer. As libsndfile is used by Winamp (and other software projects) this popular media player is also affected by this vulnerability.

More information:

Advisory (TKADV2009-006)Related blog entry


Saturday, April 4, 2009

xine-lib Security Advisory

The xine-lib maintainers released an updated version of their multimedia library. The update fixes an integer overflow vulnerability I found in the Quicktime demuxer.

More information:

Advisory (TKADV2009-005)Related blog entry


Sunday, February 15, 2009

xine-lib also affected by TKADV2009-004

I updated TKADV2009-004 as xine-lib < version 1.1.16.2 is also affected by a variant of the bug described in the advisory.

More information:

Updated Advisory (TKADV2009-004)Related blog entry


Wednesday, January 28, 2009

FFmpeg Security Advisory

Today the FFmpeg maintainers released an updated version of their multimedia framework. The update fixes a type conversion vulnerability I found in FFmpeg.

More information:

Advisory (TKADV2009-004)Related blog entry


Thursday, January 22, 2009

GStreamer Security Advisory

Today the GStreamer maintainers released an updated version of their multimedia framework. The update fixes some Heap Buffer Overflows and an Array Index Out of Bounds vulnerability I found in GStreamer.

More information:

Advisory (TKADV2009-003)Related blog entry


Sunday, January 11, 2009

Amarok Security Advisory

Today the Amarok maintainers released an updated version of their media player. The update fixes some Integer Overflow and Unchecked Allocation vulnerabilities I found in Amarok.

More information:

Advisory (TKADV2009-002)Related blog entry


Sunday, January 11, 2009

Sun Solaris Kernel Security Advisory

Sun released an updated version of their kernel for Sun Solaris 8, 9, 10 and OpenSolaris. The update fixes an Integer Overflow vulnerability I found in the Sun Solaris kernel.

More information:

Advisory (TKADV2009-001)Exploitability