lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200209112003.g8BK3Y355068@mailserver4.hushmail.com>
From: gobbles at hush.com (gobbles@...h.com)
Subject: IMPORTANT SECURITY ADVISORY PLEASE READ!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

also do bad things to anus

>There is also the one where a guy with a stick sneaks up behind
> you and hits you on the head then does bad things to your system. Watch out for this one. :)
>
>Ray
>
>-----Original Message-----
>From: segfault
>Sent: Wednesday, September 11, 2002 12:48 PM
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] IMPORTANT SECURITY ADVISORY PLEASE R
>EAD!
>
>
>
> V4GU3-Disclosure
> http://www.imprettysure.com
>
> !Security Advisory!
>
> Advisory Name: This could be bad.
>
> Application: A widely used daemon.
>
> Platform: A widely used platform.
>
> Date:  9.11.02
>
> Severity: We speculate attacker could potentially do very bad
>things
>   to you're machine if you do not immediately download the
>   security patch from a website we're not sure exists.
>
> Overview: This service listens on a port and waits for a conne
>ction
>   from a client, then the service retrieves authentication
>   information from the client.  Once authenticated, the client
>
>   can use the service.
>
> Description: Exploitation of a bug in this service could give
>an attacker
>   ROOT level access to an unpatched machine.  We're pretty sur
>e
>   the bug is a buffer overflow somewhere, but we know for
>   certain it is exploitable, and is very dangerous.
>
> Exploit: /* exploit.c by V4GU3-Disclosure staff.
>
>      This program must be run for the exploit to work.
>
>      Suggested arguments are:  +vxz 49
>
>      Make sure you are ROOT when you run this!
>
>   */
>
>   #include <stdio.h>
>   #include <somethingimportant.h>
>   #include <ifyoudontincludethisitwontwork.h>
>   #include <rootkit.h>
>
>   int main()
>   {
>    printf("FUCKING OWNED!")
>    return(0);
>   }
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1/r6ARHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56tGTwCfdjpG
HzgtTlTU5VW8L8JiLADBXOQAoJpWXFmK82PW36kpOpk5m+i6bIoB
=jdhx
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ