lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <EX-20020911-145406-0001@exchange.fiserv-missive1.fiserv.net>
From: Ray.Percival at summit.fiserv.com (Percival, Ray)
Subject: IMPORTANT SECURITY ADVISORY PLEASE READ!

There is also the one where a guy with a stick sneaks up behind you and hits you on the head then does bad things to your system. Watch out for this one. :)

Ray

-----Original Message-----
From: segfault 
Sent: Wednesday, September 11, 2002 12:48 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] IMPORTANT SECURITY ADVISORY PLEASE READ!



 V4GU3-Disclosure
 http://www.imprettysure.com

 !Security Advisory!

 Advisory Name: This could be bad.

 Application: A widely used daemon.
 
 Platform: A widely used platform.
 
 Date:  9.11.02

 Severity: We speculate attacker could potentially do very bad things
   to you're machine if you do not immediately download the
   security patch from a website we're not sure exists.

 Overview: This service listens on a port and waits for a connection
   from a client, then the service retrieves authentication
   information from the client.  Once authenticated, the client
   can use the service.

 Description: Exploitation of a bug in this service could give an attacker
   ROOT level access to an unpatched machine.  We're pretty sure
   the bug is a buffer overflow somewhere, but we know for
   certain it is exploitable, and is very dangerous.

 Exploit: /* exploit.c by V4GU3-Disclosure staff.

      This program must be run for the exploit to work.
   
      Suggested arguments are:  +vxz 49

      Make sure you are ROOT when you run this!

   */

   #include <stdio.h>
   #include <somethingimportant.h>
   #include <ifyoudontincludethisitwontwork.h>
   #include <rootkit.h>

   int main()
   {
    printf("FUCKING OWNED!")
    return(0);
   }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ