lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20020901010828.A19340@netsys.com>
From: len at netsys.com (Len Rose)
Subject: Re: [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows  & SSRT2229 Potential Denial of Service (fwd)

>From the How Lame Can It Get or Intellectual Levels 
of the Net are dropping each year Dept.

The example MD5/SHA1 perl script HP/Compaq recommends
on the page referenced in the below excerpt, is broken
because they didn't escape the greater than/less than
symbols. When the page is rendered by any browser the
code appears as "while()" instead of the proper "while(<FILE>)"

One can envision some poor sod sitting there endlessly waiting
for his md5/sha1 checksum to appear because he copied and pasted
the example script. (it will just sit there endlessly chewing up
cpu)

Either this is a joke, or a denial of service attack brought
to you by the new, improved HP/Compaq technical elite :)


# snip
use Digest::MD5;
use Digest::SHA1;

                                                                   
my $file = shift;                                            
open(FILE, $file) or die "Can't open '$file': $!";        
binmode(FILE);                     
                                       
$md5 = Digest::MD5->new;                  
$sha1 = Digest::SHA1->new;                    
                                              
while (<FILE>) {                            
    $md5->add($_);                     
    $sha1->add($_);                              
}                                         
close(FILE);                                                         
print $md5->hexdigest," ","$file"," ","MD5\n";
print $sha1->hexdigest," ","$file"," ","SHA1\n";  
                                                  
#end snip


(http://www.support.compaq.com/patches/whats-new.shtml)


On Sat, Aug 31, 2002 at 11:47:56AM -0600, Dave Ahmad wrote:
> 
> 
>     Information on how to verify MD5 and SHA1 checksums is
>     available at: http://www.support.compaq.com/patches/whats-new.shtml
>
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ