Research on software vulnerabilities
Overview
Today, vulnerabilities in the software used on and for the Internet are becoming a serious security problem. We address this situation by collecting information daily and analyzing the real causes of the problems from a scientific point of view, in order to propose resolutions, guidelines, software fixes, and verification methods.
For each vulnerability found during the research, we cooperate with software developers, IPA, JPCERT/CC, CERT/CC and other organizations to fix the problem.
Members
- Yutaka Oiwa
- Hiromitsu Takagi
- Hajime Watanabe
- Kazukuni Kobara
Publications
- Y. Oiwa, K. Kobara and H. Watanabe, "A New Variant for an Attack Against RSA Signature Verification Using Parameter Field," Proceedings of EuroPKI 2007 (4th European PKI Workshop: Theory and Practice), LNCS 4582, pp. 143-153, Palma de Mallorca, Spain, June 2007.
Some of the reported vulnerabilities
- tDiary program code injection using session riding
- Hiki cross-site scripting
- FreeStyleWiki arbitrary command invocation
- Design and implementation issues for safety restrictions of Ruby
  - JVN#62914675 (ja), CERT VU#160012, CIAC:Q-016, CVE-2005-2337
  - DSA-860, DSA-862, RHSA-2005:799, GLSA-200510-05
- Mozilla, Opera XMLHTTP request splitting/concatenating vulnerability
  - JVN#31226748 (ja), MFSA2005-58, CVE-2005-2703
  - CIAC:P-310/311, FRSIRT:2005-1824
  - MDKSA-2005:169/170, RHSA-2005:785/789
- OpenSSL SSL version rollback
  - JVN#23632449 (ja), CVE-2005-2969, CIAC:Q-007
  - FreeBSD-SA-05:21, GLSA 200510-11, USN204-1
  - MDKSA-2005:179, Sun #101974
- GNUTLS, Mozilla certification verification vulnerability (using Parameters field)
  - GNUTLS-SA-2006-4