From: simon at snosoft.com (ATD)
Subject: Exploit for auth2-pam for vuln linux opensshd

Are you perfect?



On Wed, 2003-01-08 at 22:54, Jack Ahz wrote:
> Dear reader,
> Yours truly would like to note the following:
> 
> Globalintersec Research is a hoax. Unbelievably, the only thing that makes me
> angrier than a 0day factory like ISS, which churns out advisory after advisory
> due to the unethical and illegal auditing of proprietary source code found on
> irc and plan9.hert.org, is a security company consisting of complete morons
> that is able to make money (SOMEHOW) by completely fooling the public.
> 
> KF, of GLOBALINTERSEC SECURITY, THIS MEANS YOU!
> 
> Note: At least ISS uses illegal means and genuine skills to audit proprietary
> source code and find real, useful bugs.
> 
> Let's think about it. KF MADE THIS POST TO VULN-DEV:
> 
> -----------------------------
> My question is does anyone know how to programmatically do this? Do I 
> need to make use of bit shifting or something? I need only a program to 
> print the list to the screen or something simple. Example output would 
> be ...
> 
> AAAA
> BBBBB
> ....
> AAAB
> AAAC
> ...
> and so on but ONLY unique possibilities.
> 
> -KF
> -----------------------------
> 
> NOTE THAT NOT EVEN THIS QUESTION WAS ERROR-FREE (THE SECOND ENTRY HAS 5 B'S)
> 
> So are we to believe that somebody lacking the most basic C-skillz is able to
> craft an exploit for opensshd for linux?
> 
> Is it not apparent that if this bug were easily exploitable, SOME FUCKING IDIOT
> would have already posted the exploit to packetstorm, like MR ZENITH PARSEC?
> 
> 
> KF continues in his vuln-dev post,
> "Hah this is great... and to think a simple question like that stumped my 
> local java AND c++ instructors. "
> 
> Where did you go to school, the University of Swaziland?
> 
> Anyhow, I am straying off topic. Let not my hate of the KF cloud my message.
> 
> The point is this:
> I have looked through the auth2-pam.c file a while ago, and determined that the
> sshd daemon was certainly not exploitable in the way which was described in the
> advisory, due to certain counter variables and corruption of the heap. Now,
> this was a while ago, and I'm only going by what my own memory serves up.
> 
> The same goes for the FAKE GLOBALINTERSEC sudo advisory. It is quite apparent
> that the gdb output was fabricated. Running neither one of those programs with
> a few simple commands will cause some textbook heap corruption scenario where
> the malloc chunk headers are 'merely overwritten' by a long string of A's. Even
> Mr. FC could have crafted up an exploit in less than 8 months IF THAT WERE THE
> CASE.
> 
> Solution:
> KF[GLOBALINTERSEC], admit to the world that you are a fraud and faked gdb
> output in an effort to gain fame. At least I applaud for not signing your name
> as 'KF' to your advisories. Globalintersec would have certainly been out of
> business by now if that were the case.
> If KF admits he is a liar, this will all stop.
> 
> Potential Counter-Solution:
> Say KF does not admit he is a fraud. I will be forced to go back through a pile
> of old worthless code to show that his exploitable condition is impossible
> (which is not to say at all that exploitation in some way is impossible).
> 
> -- END --
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
ATD <simon@...soft.com>
Secure Network Operations, Inc.