---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: libsafe Race Condition Protection Mechanism Bypass SECUNIA ADVISORY ID: SA14978 VERIFY ADVISORY: http://secunia.com/advisories/14978/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: libsafe 2.x http://secunia.com/product/4929/ DESCRIPTION: "Overflow.pl" has discovered a security issue in libsafe, which can be exploited by malicious people to bypass the security mechanism. The security issue is caused due to a race condition when processing simultaneous attacks in separated threads. This can be exploited to bypass the protection mechanism in a multi-threaded application linked against the vulnerable library. The security issue has been confirmed in version 2.0-16. Other versions may also be affected. SOLUTION: Don't rely solely on the protection mechanism to prevent exploitation (especially in multi-threaded applications). PROVIDED AND/OR DISCOVERED BY: "Overflow.pl" ORIGINAL ADVISORY: http://www.overflow.pl/adv/libsafebypass.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------