lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 19 Oct 2011 16:47:00 -0700 (PDT)
From: N Za <nza88@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: [SECURITY][GNAA 1488-1] slimhttpd security-update

-----BEGIN HASH SIGNED MESSAGE-----
Hash: Bubble

- -------------------------------------------------------------------------
GNAA Security Advisory GNAA-1488-1                   security () gnaa eu
http://security.on.nimp.org/                           N Za
October 19, 2011                        http://security.on.nimp.org/faq/
- -------------------------------------------------------------------------

Package        : slimhttpd
Vulnerability  : several
Problem type   : local
GNOS-specific bug: no
GNOS Bug       :  101

In the package `` slimhttpd'' found at https://github.com/ajwak95/SlimHTTPD there exist several vulnerabilities. 

After cc httpd.c -o httpd I run slimhttpd with index.html with lines longer than 256 characters and receive:
[1]    1386 segmentation fault (core dumped)  ./http

Also after I run slimhttpd and kill -9 it I am unable to restart server for several minutes due to lack of set SO_REUSEADDR on socket.

I tried to contact the vendor Alex Conroy, ajwak95, but he is too scared to use freenode irc.

 About SlimHTTPD: 

ripe with gaping vulnerabilities

 About ajwak95:

underage

 About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY?
Are you a NIGGER?
Are you a GAY NIGGER?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!
First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE and watch it. You can download the movie (~130mb) using BitTorrent.
Second, you need to succeed in posting a GNAA First Post on slashdot.org, a popular "news for trolls" website.
Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.eu, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.eu as our official server. Follow this link if you are using an irc client such as mIRC. 

If you have mod points and would like to support GNAA, please moderate this post up.

.________________________________________________.
| ______________________________________._a,____    | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___    | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___        | gary_niger@...a.eu
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_                 | GNAA Corporate Headquarters
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_               | 143 Rolloffle Avenue
| ________"#,___*@...-N#____`___-!^_____________             | Tarzana, California 91356
| _________#1__________?________________________         |
| _________j1___________________________________          | All other inquiries:
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid Al-Punjabi
| ____!4yaa#l___________________________________   | enid_al_punjabi@...a.eu
| ______-"!^____________________________________ | GNAA World Headquarters
` _______________________________________________' 160-0023 Japan Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2

Copyright (c) 2003-2011 Gay Nigger Association of America


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ