lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: wtphs at hush.com (Winnie The Pooh Hacking Squadron) Subject: Winnie The Pooh Hacking Squadron Presents: 0day 31337 vulnerability in indent 2.2.9 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 26 Dec 2003 12:23:31 -0800 Raymond Morsman <raymond@....org> wrote: >Yes it is. But there's no privilege elevations available. So what >good will this do? Hi Raymond This will not do anything good. However, little explanation for You: not only vulns in setuid/setgid applications are danger. Imagine vulnerability in your favourite mp3 player, in .mp3 file parsing code. Somebody gives you .mp3 file, you run it, and BAM! owned!. This is similar situation. Best regards Winnie The Pooh Hacking Squadron -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj/spoMACgkQYE4zNxPdkhMEdgCfcWUtMarIeiKmnHY3sWHNO2Hk4qQA mQGgFVQ1cIZbYaKqi4mN4nQ3X5uA =V3H6 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists