lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon May 29 11:14:17 2006 From: h4x0r at ercist.iscas.ac.cn (madsys) Subject: Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUTPATCHING aGksIEkgZG9udCB0aGluayB5b3UgY2FuIGVhc2lseSBkZWNyeXB0IHRoZSBQR1BkaXNrIHdpdGhv dXQga25vd2luZyB0aGUgZW5jcnlwdGlvbiBrZXkgb3IgdGhlIHByaXZhdGUga2V5LiBCdXQgSSB0 aGluayB3aGF0IHlvdSBtZW50aW9uZWQgaXMgYSBidWcgLS0gUEdQZGlzayBzaG91bGRuJ3Qgc2hv dyB0aGUgY29udGFpbmVkIGZpbGVzIGxpc3QgYmVmb3JlIGRlY3R5cHRpbmcgdGhlIGRpc2suDQoN Cg0KCW1hZHN5cw0KDQo9PT09PT09IDIwMDYtMDUtMjggMDU6MzE6MTijuj09PT09PT0NCg0KPlRo aXMgdG8gYW5zd2VyIE1yIEpvbiBDYWxsYXMgKFBHUCBDVE8pIGFuZCB0byBzaG93IGhpbSB0aGUg bGFzdCBwcm9vZi1vZi1jb25jZXB0LiBJZiBoZSBkaWQgbm90IGdldCBpdCB3ZSBjb25zaWRlciB3 ZSBoYXZlIGRvbmUgb3VyIHBhcnQgdG8gcmVwb3J0IGEgQklHIHByb2JsZW0gaW4gUEdQIHVubGVz cyB0aGlzIGlzIHNvbWUga2luZGEgb2YgSElEREVOIGZlYXR1cmVzLg0KPg0KPg0KPg0KPi0tQWRv bmlzLCBBYmVkIENvbW1lbnRzLS0NCj4NCj5XZSBkbyBub3QgYWdyZWUgd2l0aCBzb21lIG9mIFBH UCBjb21tZW50cy4gDQo+DQo+DQo+DQo+V2UgZG8gbm90IGtub3cgd2h5IHRoZXkganVzdCBzZWUg b25lIHNpZGUgb2YgdGhlIGNvaW4uDQo+DQo+DQo+DQo+V2hhdCBpZiB5b3UgaGFkICBjcmVhdGVk IGEgdmlydHVhbCBkaXNrICBhbmQgZ2l2ZSB0aGF0IHRvICBzb21lb25lLiBUaGF0IHNvbWVvbmUN Cj4NCj51c2UgaXQgYXMgaGlzL2hlciBvd24gZGlzayBhbmQgIGRlY2lkZWQgdG8gY2hhbmdlIHRo ZSBwYXNzd29yZCBiZWNhdXNlIHRoZXkgIG93bg0KPg0KPnRoZSBkaXNrICBub3cgKFlvdSAgZ2l2 ZSB0aGVtICB0byB0aGVtICB3aXRoIHRoZSAgcGFzcykuIFNvICB0aGV5IGRpZCBjaGFuZ2UgdGhl DQo+DQo+cGFzc293cmQsIGJ1dCB0aGUgb3JpZ2luYXRvciAgY2FuIHN0aWxsIGFjY2VzcyB0aGF0 ICBkaXNrIGlmIGhlL3NoZSByZXBsYWNlICB0aGUNCj4NCj5wYXNzcGhyYXNlICBieXRlcyBpbiAg dGhlIGJpbmFyeSAgZmlsZS4gU28gIEkgY29uc2lkZXIgIHRoaXMgYW4gIGF0dGFjayBvbiAgZGF0 YQ0KPg0KPklOVEVHUklUWSBhbmQgIGRhdGEgQVZBSUxBQklMSVRZIHNpbmNlIHRoZSBsZWdpdGlt YXRlIHVzZXIgd2lsbCBiZSBkZW5pZWQgYWNjZXNzDQo+DQo+dG8gdGhlIGRpc2sgYWZ0ZXIgcmVw bGFjaW5nIHRoZSBwYXNzcGhyYXNlIGJ5dGVzLg0KPg0KPg0KPg0KPiJ3aHkgeW91IGRvIG5vdCB3 YW50IHRvIHNlZSB0aGF0IHlvdXIgcGFzc3dvcmQgdmVyaWZpY2F0aW9uIGNhbiBiZSBzaW1wbHkg DQo+DQo+YnlwYXNzZWQsIGJlc2lkZXMgYSByZXB1dGFibGUgY28uIGxpa2UgUEdQIHNob3VsZCBh dCBsZWFzdCBwdXQgYW50aS1kZWJ1Z2dpbmcgDQo+DQo+dHdlYWtzLCBvciBldmVuIGVuY3J5cHQv aGlkZSB0aGUgcGFzc3BocmFzZSBsb2NhdGlvbiINCj4NCj4NCj4NCj5UbyBwZ3AsIHlvdXIgYXV0 aGVudGljYXRpb24gY2FuIGJlIGJ5cGFzc2VkLCBldmVuIGlmIHlvdSBoYXZlIGNyZWF0ZWQgdHdv DQo+DQo+ZGlmZmVyZW50IC5zZGEgZmlsZSB3aXRoIHR3byBkaWZmZXJlbnQgY29udGVudC4gdGhl IGF1dGhlbnRpY2F0aW9uIGNhbiBiZQ0KPg0KPm92ZXJ3cml0dGVuIGFuZCB0aGUgZmlsZSBjYW4g YmUgZXh0cmFjdGVkIGlmIHlvdSB1c2UgYSBkZWJ1Z2dlciBpZiB5b3UgZG8gbm90DQo+DQo+dXNl IGEgZGVidWdnZXIgeW91IHdpbGwgYmUgYWJsZSB0byBqdXN0IGJ5cGFzcyB0aGUgYXV0aGVudGlj YXRpb24gYnV0IHdpdGhvdXQNCj4NCj5leHRyYWN0aW9uLiB3aHkgZG9uJ3QgeW91IHNlZSB0aGF0 IG1yLiBqb24/IGluc3RlYWQgb2YgYml0Y2hpbmcgYW5kIHN0dWZmPyB3aHkNCj4NCj5jYW5ub3Qg eW91IGJlIHByb2Zlc3Npb25hbCBhbmQganVzdCBleHBsYWluIGZhY3QgYWZ0ZXIgeW91IGRvIHlv dXIgaG9tZSB3b3JrDQo+DQo+d2l0aCBhIG5pY2UgZGVidWdnZXIuPyBpcyB0aGF0IHRvIG11Y2gg YXNraW5nLCBJIHRoaW5rIHdlIGFyZSB0YWxraW5nIGFtb25nDQo+DQo+aHVtYW4gYW5kIGFkdWx0 cyBubz8uDQo+DQo+DQo+DQo+V2UgdGhpbmsgTXIuIEpvbiAoUEdQKSBzaG91bGQgcGxheSB0aGlz IGZsYXNoIHZpZGVvIFNMT1cgUkVBTCBTTE9XLg0KPg0KPg0KPg0KPmh0dHA6Ly93d3cuc2FmZWhh Y2suY29tL0Fkdmlzb3J5L3BncC9hbnN3ZXJqb24uaHRtbA0KPg0KPg0KPg0KPlBHUCBjb21tZW50 czogaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9hcmNoaXZlLzEvNDM1MTU1IA0KPg0KPg0K Pg0KPlF1b3RlIGZyb20gTXIgSm9uIGNvbW1lbnRzOiAiRm9yIGNvbXBsZXRlbmVzcywgSSdsbCBu b3RlIHRoYXQgd2UgYXJlIGRpc2N1c3NpbmcNCj4NCj53aGV0aGVyIHdlIHNob3VsZCBhZGQgaW4g YSB3YXJuaW5nIGRpYWxvZyB0byB0aGUgcGFzc3BocmFzZSBjaGFuZ2Ugb24gYSBQR1ANCj4NCj5E aXNrLCB0byB0ZWxsIHRoZSB1c2VyIHRoYXQgYW4gYXR0YWNrZXIgd2hvIGhhcyBsZWFybmVkIGFu IG9sZCBwYXNzcGhyYXNlLCBoYXMNCj4NCj5hbiBvbGQgZGlzayBhbmQgYSBoZXggZWRpdG9yIGNh biBwYXRjaCB0aGUgZGlzayBzbyB0aGF0IGl0IGNhbiBiZSBvcGVuZWQuIE9uIHRoZQ0KPg0KPm9u ZSBoYW5kLCB0aGlzIG1pZ2h0IGJlIGEgZ29vZCB0aGluZyB0byBkbyIuIA0KPg0KPg0KPg0KPlNv IGlmIE1yIEpvbiBkb2VzIG5vdCBzZWUgdGhlIHByb2JsZW0gd2h5IHRoZXkgYXJlIHRhbGtpbmcg YWJvdXQgYWRkaW5nIGENCj4NCj5tZXNzYWdlIGJveD8uIFdoeSB0aGUgcGFzc3BocmFzZSBsb2Nh dGlvbiBpcyBub3QgaGlkZGVuPyBldGMuIEkgc3RpbGwgc2VlIHRoaXMNCj4NCj5hcyBJTlRFR1JJ VFkgYW5kIEFWQUlMQUJJTElUWSBhdHRhY2tzIG9uIFBHUC4gSSBkbyBub3QgdGhpbmsgaXQgaXMg bm9ybWFsDQo+DQo+YmVoYXZpb3Igb2YgYW4gZW5jcnlwdGlvbiBhcHBsaWNhdGlvbiB0byByZXZl YWwgaXQgaXMgcGFzc3BocmFzZSBsb2NhdGlvbiBhbmQgSQ0KPg0KPmRvIG5vdCBzZWUgYnlwYXNz aW5nIHRoZSBwYXNzcGhyYXNlIGRpYWxvZy1ib3ggYXMgRmVhdHVyZSBlaXRoZXIuDQo+DQo+DQo+ DQo+IA0KPg0KPg0KPg0KPlByb29mIG9mIGNvbmNlcHQgdGhhdCBQR1AgQVVUSEVOVElDQVRJT04g Q0FOIEJFIEJZUEFTU0VEIFdJVEhPVVQgUEFUQ0hJTkcgVEhFIA0KPg0KPkJJTkFSWSBGSUxFIEVW RU4uDQo+DQo+DQo+DQo+VGhpcyBGbGFzaCB2aWRlbyBpcyBkZWRpY2F0ZWQgdG8gTXIuIEpvbiBD YWxsYXMgKFBHUCBDVE8sIENTTykuDQo+DQo+aHR0cDovL3d3dy5zYWZlaGFjay5jb20vQWR2aXNv cnkvcGdwL3Byb29mX29mX2NvbmNlcHRfUEdQX0F1dGhlbnRpY2F0aW9uX0JZUEFTUy5odG1sDQo+ DQo+aHR0cDovL3d3dy5zYWZlaGFjay5jb20vQWR2aXNvcnkvcGdwL3Byb29mX29mX2NvbmNlcHRf UEdQX0F1dGhlbnRpY2F0aW9uX0JZUEFTUy5odG1sDQo+DQo+DQo+DQo+V2UgaGFkIHJlcG9ydGVk IHRoYXQgUEdQIEF1dGhlbnRpY2F0aW9uIGNhbiBiZSBieXBhc3NlZCBieSBwYXRjaGluZyB0aGUg YmluYXJ5IA0KPg0KPmZpbGUuIEFmdGVyIHJlYWRpbmcgTXIuIEpvbiBDYWxsYXMgTk9OIFBST0ZF U1NJT05BTCBhbnN3ZXIsIG1lIGFuZCBhYmVkIGRlY2lkZWQgDQo+DQo+dG8gc2hvdyBoaW0gdGhh dCBpcyBub3QgdHJ1ZS4gQnkgdXNpbmcgYSBTSU1QTEUgRGVidWdnZXIgUEdQIEF1dGhlbnRpY2F0 aW9uIGNhbiANCj4NCj5iZSBieXBhc3NlZC4NCj4NCj4NCj4NCj5IZXJlIGlzIE1yIEpvbiBDYWxs YXMgQ29tbWVudHMgaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9hcmNoaXZlLzEvNDM1MTU1 IA0KPg0KPlN1bW1pbmcgdXAsIHdlIGFyZSBkaXNhcHBvaW50ZWQgdGhhdCBmb3Igd2hhdGV2ZXIg cmVhc29ucywgd2Ugd2VyZSBub3QgY29udGFjdGVkIA0KPg0KPmFib3V0IHRoaXMgcmVzZWFyY2gg YmVmb3JlIGl0IHdhcyBwdXQgb24gdGhlIHdlYiBhbmQgcG9zdGVkIG9uIGJ1Z3RyYXEuIEhhZCB3 ZSANCj4NCj5iZWVuIGNvbnRhY3RlZCwgd2UgY291bGQgZGlzY3VzcyB0aGlzIGluIHByaXZhdGUg cmF0aGVyIHRoYW4gaGF2ZSB0byBhaXIgdGhlIA0KPg0KPmRldGFpbHMgb2YgdGhpcyBtaXN1bmRl cnN0YW5kaW5nIGluIGEgcHVibGljIGZvcnVtLiBJIGFtIHRydWx5IHNvcnJ5IGZvciB0aGUgDQo+ DQo+c2FrZSBvZiB0aGUgSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5zdGl0dXRlIG9mIFF1ZWJlYyBh bmQgaXRzIHN0YWZmIHRoYXQgdGhpcyANCj4NCj5jb21wbGV4IGlzc3VlIGhhcyB0dXJuZWQgaW50 byBhIHB1YmxpYyBicm91aGFoYS4NCj4NCj4NCj4NCj5XZSBsb2FkIHRoZSBmaWxlIGluIHRoZSBk ZWJ1Z2dlciBhbmQgc2V0IHRoZSBicmVhayBwb2ludHMgdGhlbiB3ZSBzdGFydCBieSANCj4NCj5o aXR0aW5nIEY5IHdlIHdpbGwgc2VlIHRoZSBwYXNzd29yZCBkaWFsb2cgd2UgZW50ZXIgQU5ZIHBh c3N3b3JkIGhlcmUuIFdoZW4gaXQgDQo+DQo+c3RvcCBhdCAwMDQwOTc5NyBIaXQgRjkgNiB0aW1l cyBZb3Ugc2VlIA0KPg0KPg0KPg0KPm9uIDAwNDA1RDcwIHwuIEU4IDRGRkJGRkZGIENBTEwgYV9z ZGEuMDA0MDU4QzQNCj4NCj53ZSBoaXQgNiB0aW1lcyBGOQ0KPg0KPkEgYnJlYWsgcG9pbnQgc2hv dWxkIGJlIHNldCBvbiAwMDQwNUQ3MCB0byBzZWUgdGhpcy4NCj4NCj4NCj4NCj5BZnRlciBydW5u aW5nIHRoZSBzZGEgaW4gb2xseSB3ZSBlbmQgdXAgaGVyZS4gV2UgaGl0IEY5IGNvdXBsZXMgb2Yg dGltZSB0aGVuIHdlIGNoYW5nZSBFU0kgRURJDQo+DQo+T04gMDA0MDk3OTcgfC4gRjM6QTcgUkVQ RSBDTVBTIERXT1JEIFBUUiBFUzpbRURJXSxEV09SRCBQVFIgRD47IA0KPg0KPg0KPg0KPldlIHNl ZSB0aGUgc3RhY2sgdmFsdWVzDQo+DQo+RUNYPTAwMDAwMDAyIChkZWNpbWFsIDIuKQ0KPg0KPkRT OltFU0ldPXN0YWNrIFswMEJCRjY4Q109REMzRjVDODIgPC0tIElGIFdFIEVOVEVSIEEgQkFEIFBB U1NXT1JEIFRIRVNFIFdPTlQgQkUgVEhFIFNBTUUNCj4NCj5FUzpbRURJXT1zdGFjayBbMDBCQkZG OThdPURDM0Y1QzgyIEVRVUFMLi4uIFdFIEpVU1QgTUFLRSBUSEVNIEVRVUFMIFRIRU4gQ09OVElO VUUgVEhFIFFVRVNULiANCj4NCj4NCj4NCj5BVCBUSElTIFBPSU5UIFBHUCBBdXRoZW50aWNhdGlv biBpcyBieXBhc3NlZC4NCj4NCj4NCj4NCj5JIGhvcGUgdGhhdCBoZWxwIE1yLiBKb24gKFBHUCkg c2VlaW5nIHRoZSBwcm9ibGVtLiBBZ2FpbiBNciBKb24gQml0Y2hpbmcgZG9lcyBub3QgaGVscCB5 b3UgZml4aW5nIHlvdXIgcHJvZHVjdHMuDQo+DQo+DQo+DQo+LS0gRW5kIENvbW1lbnQtLQ0KPg0K Pg0KPlBlYWNlDQo+Lg0KDQo9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0gPSA9ID0N CgkJCQ0KDQoJCQkJIA0KDQo=
Powered by blists - more mailing lists