From: len at netsys.com (Len Rose)
Subject: Re: [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows  & SSRT2229 Potential Denial of Service (fwd)

From the How Lame Can It Get or Intellectual Levels
of the Net are dropping each year Dept.

The example MD5/SHA1 Perl script HP/Compaq recommends
on the page referenced in the below excerpt is broken
because they didn't escape the greater than/less than
symbols. When the page is rendered by any browser the
code appears as "while()" instead of the proper "while(<FILE>)".

One can envision some poor sod sitting there endlessly waiting
for his md5/sha1 checksum to appear because he copied and pasted
the example script. (it will just sit there endlessly chewing up
cpu)

Either this is a joke, or a denial of service attack brought
to you by the new, improved HP/Compaq technical elite :)


# snip
use Digest::MD5;
use Digest::SHA1;

my $file = shift;
# Three-argument open: the file name is never parsed as a mode or pipe
open(FILE, '<', $file) or die "Can't open '$file': $!";
binmode(FILE);

my $md5 = Digest::MD5->new;
my $sha1 = Digest::SHA1->new;

# Feed the file to both digests
while (<FILE>) {
    $md5->add($_);
    $sha1->add($_);
}
close(FILE);
print $md5->hexdigest," ","$file"," ","MD5\n";
print $sha1->hexdigest," ","$file"," ","SHA1\n";

#end snip


(http://www.support.compaq.com/patches/whats-new.shtml)


On Sat, Aug 31, 2002 at 11:47:56AM -0600, Dave Ahmad wrote:
> 
> 
>     Information on how to verify MD5 and SHA1 checksums is
>     available at: http://www.support.compaq.com/patches/whats-new.shtml
>
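
The rendering failure described in the message above can be caught before a page is published. The following is an added example, not part of the original post or of HP/Compaq's page: it puts a code sample into HTML with and without escaping, extracts the text a browser would display, and compares it with the source. The function names and the sample string are assumptions made for the illustration.

```python
# Added example: check that a code sample survives HTML rendering unchanged.
import html
from html.parser import HTMLParser

# Constructed sample: the read loop from the script quoted in the message.
SAMPLE = 'while (<FILE>) {\n    $md5->add($_);\n    $sha1->add($_);\n}\n'


class _TextOnly(HTMLParser):
    """Collects the text a browser would display and drops every tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def rendered_text(page):
    """Return the visible text of an HTML fragment."""
    parser = _TextOnly()
    parser.feed(page)
    parser.close()
    return "".join(parser.chunks)


def publish_raw(code):
    """The mistake: code pasted into the page with no escaping."""
    return "<pre>" + code + "</pre>"


def publish_escaped(code):
    """The fix: &, < and > become entities before the code is embedded."""
    return "<pre>" + html.escape(code, quote=False) + "</pre>"


def survives_rendering(page, code):
    """True when a reader who copies from the page gets the original code."""
    return rendered_text(page) == code


if __name__ == "__main__":
    for build in (publish_raw, publish_escaped):
        page = build(SAMPLE)
        print(build.__name__, survives_rendering(page, SAMPLE))
        print(rendered_text(page).splitlines()[0])
```

Only the file handle disappears in the raw version: a lone ">" as in "$md5->add" is displayed as text, so the damaged sample still looks like plausible code.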
 
