Date: Sat, 4 May 2013 00:22:54 +0200
From: Jann Horn <jann@...jh.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Trying to send mail to Broadcom

So, I found a vuln for overwriting kernel memory in kernel code by Broadcom for the
Raspberry Pi (afaik not in the official kernel sources, just in the patched
kernel sources for the Raspberry Pi). It requires you to be in the "video" group,
so it's not very interesting, I think, but I thought, hey, before you share your
PoC for causing a kerneloops with FD, maybe you should contact Broadcom and tell
them so they have a chance to write a fix!

Well, first step: Check their website.
Result: No security contact mail. No contact mail address at all, actually.

Step two: Connect via SMTP, try RFC-specified mailboxes and other common mailboxes
with "RCPT TO", check which are accepted.
Result: Well, <postmaster> isn't accepted, but a lot of other stuff works! Yay!

Step three: Send mail to the addresses that were accepted by "RCPT TO".
Result: Bounces. Turns out the mailserver just accepts everything, then sends bounces.

Step four: Do a whois, send mail to the DNS admin. Not exactly first choice, but oh well...
Result: Bounces, too, because their second SMTP server sees that the mail comes from their
first SMTP server, looks at my SPF record and figures that Broadcom isn't allowed to send
mails in my name. Hooray.

Step five: Spam somewhat-related IRC channels to figure out a working contact mail.
Result: Doesn't bounce – waiting for a reply.


tl;dr: Broadcom, fix your stupid mailservers!
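
The SPF failure described in step four, as an added example that is not part of the original post: a small evaluator for the `ip4`/`ip6`/`all` SPF mechanisms, run once for each hop of a relayed message. The domain, the addresses (documentation ranges) and the `-all` policy are constructed assumptions, not the real records involved.

```python
import ipaddress

# Constructed sample data (assumption): example domain and documentation-range
# addresses, not the real hosts or SPF record from the post.
SPF_RECORDS = {"sender.example": "v=spf1 ip4:192.0.2.0/24 -all"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Hop 1: the sender's own server connects to the recipient's first server.
# Hop 2: the first server relays onward, keeping the original envelope sender.
HOPS = [
    ("sender -> first server", "192.0.2.25"),
    ("first server -> second server", "198.51.100.7"),
]


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the MAIL FROM domain's SPF record against the connecting IP.

    Only ip4, ip6 and all are handled; other mechanisms are skipped.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"  # no mechanism matched


def deliver(hops, mail_from):
    """SPF result computed by the receiving server at each hop."""
    return [(name, check_spf(ip, mail_from)) for name, ip in hops]


if __name__ == "__main__":
    for hop, result in deliver(HOPS, "reporter@sender.example"):
        print(f"{hop}: {result}")
```

The second hop fails because SPF is always checked against the IP of the host connecting at that moment, so an internal relay that re-checks SPF needs to exempt its own upstream servers.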

