lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: listuser at seifried.org (Kurt Seifried)
Subject: Winnie The Pooh Hacking Squadron Presents:0day 31337 vulnerability in indent 2.2.9

> >     indent is really fucking leet tool that improves appearance
> >     of C source code. It was designed to help people reading
> >     sources written by damn stupid and unskilled programmers like
> >     You Dong-Hun or Theo the Radt. It is really helpful nowadays
> >     because of that whores who think they are coders. Unfortunatelly
>
> Yes it is. But there's no privilege elevations available. So what good
> will this do?
>
> Raymond.

Someone sends you hacker code. It's an unreadable mess (there's a surprise).
You run it through indent. You get owned. Here's a hint: when playing with
code from attackers check the shell code, Makefiles, etc. Do not do this as
a privileged user, ideally do this with a throwaway account, or better yet
from within VMWare. STandard rules of safe/secure computing apply.

Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ