lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 21 Oct 2011 07:33:42 +1100
From: xD 0x41 <secn3t@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [SECURITY][GNAA 1488-1] slimhttpd
	security-update

eep yep sorry but i had a chuckle :P
lol.


On 21 October 2011 02:09, Laurelai <laurelai@...echan.org> wrote:

> On 10/19/2011 06:47 PM, N Za wrote:
> > -----BEGIN HASH SIGNED MESSAGE-----
> > Hash: Bubble
> >
> > -
> -------------------------------------------------------------------------
> > GNAA Security Advisory GNAA-1488-1                   security () gnaa eu
> > http://security.on.nimp.org/                           N Za
> > October 19, 2011                        http://security.on.nimp.org/faq/
> > -
> -------------------------------------------------------------------------
> >
> > Package        : slimhttpd
> > Vulnerability  : several
> > Problem type   : local
> > GNOS-specific bug: no
> > GNOS Bug       :  101
> >
> > In the package `` slimhttpd'' found at
> https://github.com/ajwak95/SlimHTTPD there exist several vulnerabilities.
> >
> > After cc httpd.c -o httpd I run slimhttpd with index.html with lines
> longer than 256 characters and receive:
> > [1]    1386 segmentation fault (core dumped)  ./http
> >
> > Also after I run slimhttpd and kill -9 it I am unable to restart server
> for several minutes due to lack of set SO_REUSEADDR on socket.
> >
> > I tried to contact the vendor Alex Conroy, ajwak95, but he is too scared
> to use freenode irc.
> >
> >   About SlimHTTPD:
> >
> > ripe with gaping vulnerabilities
> >
> >   About ajwak95:
> >
> > underage
> >
> >   About GNAA:
> > GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
> gathers GAY NIGGERS from all over America and abroad for one common goal -
> being GAY NIGGERS.
> >
> > Are you GAY?
> > Are you a NIGGER?
> > Are you a GAY NIGGER?
> >
> > If you answered "Yes" to all of the above questions, then GNAA (GAY
> NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking
> for!
> > Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the
> benefits of being a full-time GNAA member.
> > GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY
> NIGGER community with THOUSANDS of members all over United States of America
> and the World! You, too, can be a part of GNAA if you join today!
> >
> > Why not? It's quick and easy - only 3 simple steps!
> > First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE
> and watch it. You can download the movie (~130mb) using BitTorrent.
> > Second, you need to succeed in posting a GNAA First Post on slashdot.org,
> a popular "news for trolls" website.
> > Third, you need to join the official GNAA irc channel #GNAA on
> irc.gnaa.eu, and apply for membership.
> > Talk to one of the ops or any of the other members in the channel to sign
> up today! Upon submitting your application, you will be required to submit
> links to your successful First Post, and you will be tested on your
> knowledge of GAYNIGGERS FROM OUTER SPACE.
> >
> > If you are having trouble locating #GNAA, the official GAY NIGGER
> ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The
> correct network is NiggerNET, and you can connect to irc.gnaa.eu as our
> official server. Follow this link if you are using an irc client such as
> mIRC.
> >
> > If you have mod points and would like to support GNAA, please moderate
> this post up.
> >
> > .________________________________________________.
> > | ______________________________________._a,____    | Press contact:
> > | _______a_._______a_______aj#0s_____aWY!400.___    | Gary Niger
> > | __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___        |
> gary_niger@...a.eu
> > | _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_                 | GNAA
> Corporate Headquarters
> > | _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_               | 143
> Rolloffle Avenue
> > | ________"#,___*@...-N#____`___-!^_____________             | Tarzana,
> California 91356
> > | _________#1__________?________________________         |
> > | _________j1___________________________________          | All other
> inquiries:
> > | ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid Al-Punjabi
> > | ____!4yaa#l___________________________________   |
> enid_al_punjabi@...a.eu
> > | ______-"!^____________________________________ | GNAA World
> Headquarters
> > ` _______________________________________________' 160-0023 Japan
> Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2
> >
> > Copyright (c) 2003-2011 Gay Nigger Association of America
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> Did any of the other channers on the list laugh uncontrollably at this?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ