Message-ID: <20020901010828.A19340@netsys.com>
From: len at netsys.com (Len Rose)
Subject: Re: [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service (fwd)
From the How Lame Can It Get or Intellectual Levels
of the Net are dropping each year Dept.

The example MD5/SHA1 Perl script HP/Compaq recommends
on the page referenced in the below excerpt is broken
because they didn't escape the greater than/less than
symbols. When the page is rendered by any browser the
code appears as "while()" instead of the proper "while(<FILE>)".

One can envision some poor sod sitting there endlessly waiting
for his md5/sha1 checksum to appear because he copied and pasted
the example script. (It will just sit there endlessly chewing up
CPU.)

Either this is a joke, or a denial of service attack brought
to you by the new, improved HP/Compaq technical elite :)

# snip
use Digest::MD5;
use Digest::SHA1;
my $file = shift;
open(FILE, $file) or die "Can't open '$file': $!";
binmode(FILE);
$md5 = Digest::MD5->new;
$sha1 = Digest::SHA1->new;
while (<FILE>) {
    $md5->add($_);
    $sha1->add($_);
}
close(FILE);
print $md5->hexdigest," ","$file"," ","MD5\n";
print $sha1->hexdigest," ","$file"," ","SHA1\n";
#end snip
(http://www.support.compaq.com/patches/whats-new.shtml)
On Sat, Aug 31, 2002 at 11:47:56AM -0600, Dave Ahmad wrote:
>
>
> Information on how to verify MD5 and SHA1 checksums is
> available at: http://www.support.compaq.com/patches/whats-new.shtml
>
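
The rendering failure described in this message, as an added example that is not part of the original post or of HP/Compaq's page: it parses a code listing the way an HTML parser does, shows `<FILE>` being consumed as a tag, and checks that the escaped form displays the code unchanged. The function names and the sample string are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the read loop from the script quoted in the message.
SOURCE = "while (<FILE>) {\n    $md5->add($_);\n    $sha1->add($_);\n}\n"


class ListingParser(HTMLParser):
    """Collect the text a browser would display and the tags it would consume."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)  # markup is parsed, never shown to the reader

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)

    def handle_data(self, data):
        self.text.append(data)


def rendered_text(fragment):
    """Return (visible_text, consumed_tags) for the inner HTML of a listing."""
    parser = ListingParser()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.text), parser.tags


def publish(source):
    """Escape &, < and > so the listing survives as literal text."""
    return html.escape(source, quote=False)


def check_listing(source, fragment):
    """True only if the fragment displays exactly the source code."""
    visible, tags = rendered_text(fragment)
    return visible == source and not tags


if __name__ == "__main__":
    print(repr(rendered_text(SOURCE)))             # raw paste loses <FILE>
    print(check_listing(SOURCE, SOURCE))           # fails the check
    print(check_listing(SOURCE, publish(SOURCE)))  # escaped form passes
```

Running `check_listing` against the published page before release catches a listing whose code a reader would copy in altered form.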