It's been a while
Been really busy of late. Started a new job as a penetration tester. Began development on a few new apps and thought about doing stuff I will never actually get around to doing. If only I never became tired.
FreeSSHd is an application I've been playing with for some time. The vulnerabilities I'd discovered I'd never actually been able to exploit. Recently I decided to spend more time on the issues. Well that time spent was time put to good use. I managed to exploit the vulnerability, all of which can be viewed in the advisory titled "FreeSSHd 1.2.1 (rename) Remote Buffer Overflow Exploit".
Whilst setting up IP Phones in early January I came across an issue with the Linksys SPA400 device:
Manufacturer: Linksys (Division of Cisco Systems)
Device: SPA400 (Internet Telephony Gateway)
Firmware: 1.1.2.2
Provided the user is logged in, it is possible to read local files as the root user. The setup.cgi script fails to verify the requested data before performing the action. Examples are shown below:
/html/setup.cgi?next_file=/etc/passwd
/html/setup.cgi?next_file=/etc/shadow
/html/setup.cgi?next_file=/var/system.conf
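A defender-side check for the request pattern above, as an added example that is not part of the original post or the device's firmware: it flags logged setup.cgi requests whose next_file value is anything other than a bare page name. The access-log format (as from a proxy in front of the device), the sample lines and the page name index.htm are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate next_file values are bare page names such as
# "index.htm" (hypothetical). Slashes, "..", "%" and empty values never match.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.html?$")

# Assumption: common-log-format lines; captures client address and request URI.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def next_file_values(request_uri):
    """Return the next_file values of a setup.cgi request, else an empty list."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith("/setup.cgi"):
        return []
    # parse_qs percent-decodes once, so %2Fetc%2Fshadow becomes /etc/shadow.
    return parse_qs(parts.query, keep_blank_values=True).get("next_file", [])

def is_suspicious(request_uri):
    """True when any next_file value is not a bare page name."""
    return any(not SAFE_NAME.fullmatch(v) for v in next_file_values(request_uri))

def flag_log_lines(lines):
    """Return (client, uri) pairs for log lines that request a non-page file."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and is_suspicious(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [05/Jan/2024:10:00:01 +0000] "GET /html/setup.cgi?next_file=index.htm HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [05/Jan/2024:10:02:13 +0000] "GET /html/setup.cgi?next_file=/etc/passwd HTTP/1.1" 200 812',
    '192.0.2.44 - admin [05/Jan/2024:10:02:20 +0000] "GET /html/setup.cgi?next_file=%2Fetc%2Fshadow HTTP/1.1" 200 640',
    '192.0.2.44 - admin [05/Jan/2024:10:02:31 +0000] "GET /html/setup.cgi?next_file=..%252fvar%252fsystem.conf HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, uri in flag_log_lines(SAMPLE_LOG):
        print(client, uri)
```

The same SAFE_NAME test, applied inside the CGI before the file is opened, is the server-side form of the missing verification.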
Anyway, I hope to find much more time soon to do more vulnerability R&D and write more blog entries!