Date: Fri Jan 27 11:08:32 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Shareaza Remote Vulnerability

I mean, if the Shareaza doesn't want to patch, as it looks like here,
provide him a PoC with a remote execution and he will be forced to
patch it, but right now he can probably ignore your warnings :)

Ryan Smith wrote:
> Thanks Todd, the correct link is
> http://www.hustlelabs.com/shareaza_advisory.pdf :>
>
> Ad, I believe what you mean is that I completed 20% of a job, and
> the job was correct.  I am sorry you feel my work was incomplete;
> do you still feel like you received a deliverable that matches the
> dollar amount you spent on the research?
>
> On 1/26/06, ad@...poverflow.com wrote:
>
> Where is your proof, then, that the remote execution is possible? The
> Shareaza maker probably won't care until you add a proof of what
> you claim is exploitable. You just made like 20% of a correct job
> ...
>
>
> Ryan Smith wrote:
>> There is a vulnerability in the current version of Shareaza, a
>> P2P file sharing product.  It results in remote code execution.
>> Please see the advisory for more details.  There is no patch.
>
>> Credit: These vulnerabilities were discovered and researched by
>> Ryan Smith.
>
>> Contact: WhatsTheAddress@...il.com
>
>> Details: http://www.hustlelabs.com/
>>
> <http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf
>
>> _______________________________________________ Full-Disclosure -
>>  We believe in it. Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
>> sponsored by Secunia - http://secunia.com/
>
