Industrial Research in Security

One of my activities is Industry Research in the field of Security. What this means is that I often examine computer systems with respect to the intended design (as stated) and against the standard of today's user expectation, and I do so both independently and in collaboration with others. The results in this field are the discovery of previously unknown issues, often "vulnerabilities", in a given system. Generally, when results are found, they are eventually assigned a "CVE" identifier, among other identifiers, and result in a patch or update being distributed. This page is a reference table of my public results and proven credentials in the field, but it is not a complete reference to my experience. Generally speaking, I've done a handful of studies per year. Only some of them produce results. If, instead, you are looking to collaborate in this field in a more academic sense or in the educational or laboratory setting, you can still contact me, and I will consider your question.

Announcement Date | CVE Number | Vendor | Product | Other Identifiers | Description | PoC | Collaborators

2023

TBD

2008

May 30th 2008 | CVE-2008-2538 | Sun Microsystems | Solaris 8 to 10, and OpenSolaris up to build snv_91 | Sun Alert #237864 | Me: "A vulnerability in crontab may allow hijacking of other user's crontabs." Vendor: "A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code"

2007

July 27th 2007 | CVE-2007-4070 | Sun Microsystems | Solaris 8 to 10 | Sun Alert #200863 | Vendor: "A Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to Files"

2006

August 23rd 2006 | CVE-2006-4315 | SSH Communications Security (ssh.com) | SSH Tectia Client, Server, and Connector up to 5.0.1, and Manager up to 2.1.2; on Windows | RQ #13895 | Vendor: "SSH Tectia Windows Pathname Parsing Vulnerability"

2005

November 11th 2005 | CVE-2005-4158 | Sudo Project | Sudo up to 1.6.8 p11 | Bugtraq ID 15394 | Vendor: "Sudo Perl Environment Variable Handling Security Bypass Vulnerability"
June 20th 2005 | CVE-2005-1993 | Sudo Project | Sudo 1.3.1 to 1.6.8 p8 | Bugtraq ID 13993 | Vendor: "Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack."