| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: argv at hushmail.com (ARGV)
Subject: [argv] PHC hacklog part deux (No way, fool...)
-----BEGIN PGP SIGNED MESSAGE-----
1. Topic:
PHC hacklog part deux (No way, fool...)
2. Relevant versions:
Vulnerable: ALL!
You don't hear nothin but your pea brain rollin' around in your head!
Not Vulnerable: NONE!
Don't stay up late, eat all your greens. Remember I love you.
I'll see you soon
http://phrack.efnet.ru/missions/2003/mission1.tar.gz
3. Problem description:
Hi, we're back with round two of PHC hacklog bugs, 'dis time
with an exploitable bug!! oh joy!!
MR. T says:
You lied to me!!
He's gonna be a package of cream cheese in a minute!
Let's analyze this, shall we?
MR. T says:
Got no time for the jibba jabba.
/* hacklog v1.0! */
^ notice the cool comment, all elite h4x0r apps must have one
char buf[8192];
^ nice big buffer....Mr. T think even sockz could fit shellcode in
'dis
if (fgets ((char *) buf, sizeof (buf), f) == NULL)
break;
if ((a = strchr (buf, '.')) == NULL)
{
perror ("strchr");
exit (EXIT_FAILURE);
}
*a++ = 0;
if ((b = strchr (a, ' ')) == NULL)
{
perror ("strchr");
exit (EXIT_FAILURE);
}
^ oh no..they didn't...
nchars = atoi (b);
^ say it isn't so little johnny
if (!nchars)
{
fprintf (stderr, "Error parsing timing file!\n");
exit (EXIT_FAILURE);
}
^ this won't save you
if (read (fd, buf, nchars) != nchars)
^ ouch....so just send > 8192 and you win!
You've done it! you won!!
4. Workaround:
PHC has evaded being embarrassed by fixing thems on their machine,
but still keep the vulnerable code online, so that others
may be hacked!! how nice!
MR. T says:
Now get the first-aid kit before you have to use it on yourself!
Just say "NO" to blackhat code. Fool!
5. References:
greetz to (censored by the DMCA foo), for being so tall, blonde, and
handsome...crazy foo!
6. Contact:
argv@...hmail.com
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlkEARECABkFAj5rF50SHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkp7KEAniUz
+Dm26i/DuBRzvhE7L/+bPUKmAJ4pfRr+WS385zZFOqsxyzZS2dfE9g==
=3Sgp
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists