lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 26 Nov 2006 05:17:10 -0600
From: <daylasoul@...h.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Re: *BSD banner INT overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 26 Nov 2006 01:21:50 -0600 "J.A. Terranson" <measl@....org>
wrote:
>On Wed, 22 Nov 2006, Sean Comeau wrote:
>
>> On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote:
>> >
>> >  %uname -sir
>> >  FreeBSD 6.1-RELEASE GENERIC
>> >  %gdb banner
>> >  (gdb) r -w 17000000
>> >  Program received signal SIGSEGV, Segmentation fault.
>> >  0x01010101 in ?? ()
>> >
>>
>> This doesn't crash banner on OpenBSD,
>
>FreeBSD 4.10R doesn't give a shit either.
>
>> and even if it did who cares?  What would anyone accomplish by
>making
>> this setuid root?
>
>   -bash-2.05b$ ls -al /usr/bin/banner
>   -r-xr-xr-x  1 root  wheel  16136 May 25  2004 /usr/bin/banner
>
>Good question.
>
>--
>Yours,
>
>J.A. Terranson
>sysadmin@....org
>0xBD4A95BF
>
>"Surely the larger lesson learned from that day is that other men,
>all
>over the world, took inspiration not from the heroism of the
>rescuers in
>New York or the passengers flying over Pennsylvania, but from the
>19
>hijackers - the twisted brilliance of their scheme and their
>willingness
>to sacrifice their lives to make a political and, as they saw it,
>religious statement."
>
>Richard Corliss/Time Magazine
>11 Aug 2006
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
Please maintain a reasonable standard of netiquette when posting.
Thanks.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkVpd7YACgkQ3AEcWsxdEQ496QP/VshMF0rw60R4PnGpNosJN7A+boQn
TC1i7J+RaainFCV0vrqxWpRzrhol4raV14KWAxTvq/jwZAcMz18f4j2Y2LmOoFGCrRUR
+06y6YkIVGGyoYgu0zzmvyS9hkKXqRv675/fZg45FqW9gGWqJaxJ8vvKaYt87DrP0EJ+
1G51vxw=
=SqM0
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ