| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Apr 2011 13:03:23 -0300
From: "R0me0 ***" <knight.neo@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Insect Pro - Advisory 2011 0428 - Zero Day -
Heap Buffer Overflow in xMatters APClient
insect's are a big joke
m* f*
2011/4/29 -= Glowing Doom =- <secn3t@...il.com>
> Well... I am only saying, this place is NOT a place where 'web fuzzing'
> should be the main topic of interest, specially when it is related to
> software wich costs money and does not even have any trial..
> It also, produced a false, on many occassions.
> Acutenix consultant would do this, and guess what, get a cracked copy, and
> they STILL let ya be a consultant!!
> neat huh??
> Now with this and Insect... you cannot do any ill.. your hard working
> product, doesnt even scan right, and there is no free version... there is
> only 'email' ones as ive seen, so what kinda shit is that, posting to grok
> ??? eh ???
> Im with the others... the tests show the truth, truth is, the product
> stinks, even when given the second glance.
> Your peers vote i think, against this app...and, unless you maybe fix it,
> and, even use some open src tosdo so (maybe learn something about 'opening')
> the product, and more people will be happy to debug for you.. but alone,
> your , yes..an insect waiting to be squashed :P lol...pardon my fracoise'
> .
> xd
>
>
> On 29 April 2011 13:43, Mario Vilas <mvilas@...il.com> wrote:
>
>> Precisely. The poc triggers the bug by passing a very long command line
>> argument, so it's assumed the attacker already has executed code. The only
>> way this is exploitable is if the binary has suid (then the attacker can
>> elevate privileges) or the command can be executed remotely (and the
>> attacker additionaly cannot execute any other commands, but can mysteriously
>> control the arguments). Unless either scenario is researched (and nothing in
>> the advisory tells me so) I call bullshit.
>>
>> On Thu, Apr 28, 2011 at 6:09 PM, <Valdis.Kletnieks@...edu> wrote:
>>
>>> On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
>>>
>>> > Is the suid bit set on that binary? Otherwise, unless I'm missing
>>> something
>>> > it doesn't seem to be exploitable by an attacker...
>>>
>>> Who cares? You got code executed on the remote box, that's the *hard*
>>> part.
>>> Use that to inject a callback shell or something, use *that* to get
>>> yourself a shell
>>> prompt. At that point, download something else that exploits you to root
>>> - if
>>> you even *need* to, as quite often the Good Stuff is readable by non-root
>>> users.
>>>
>>
>>
>>
>> --
>> “There's a reason we separate military and the police: one fights
>> the enemy of the state, the other serves and protects the people. When
>> the military becomes both, then the enemies of the state tend to become the
>> people.”
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists