lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200211290610.gAT6AWSd048020@mailserver2.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Linux insmod Advisory

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

We've been sitting on this bug for quite some time, and now feel that
it is the appropriate time to share this information with the rest of
the world.  Patches will be available soon, so be sure to get your
apt-get and up2date scripts ready to roll.

# cat ESinsmod.txt
       +-+-+-+-+ +-+-+-+-+ [ Electronic Souls ] +-+-+-+-+ +-+-+-+-+

Research made by BuRn-X and vux! /sbin/insmod can't be exploited because it isn't suid but it stills a format bug.

Phat Linux testing:
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-mandrake-linux"...
(no debugging symbols found)...
(gdb) r `perl -e'print "%n"x4086'`
Starting program: /sbin/insmod `perl -e'print "%n"x4086'`

Program received signal SIGSEGV, Segmentation fault.
0x40070ff3 in vsnprintf () from /lib/libc.so.6
(gdb)

GOT addresses:
- --> 0804eea4 R_386_JUMP_SLOT   vsnprintf

#

Thank you, and have a good day.

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"Pretzels do taste, yum, yes."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nBOcMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltkgMAoJNglGyXQJYL
7b/Ep6CZY/mAg3k/AKChlY1P/EjFMB8LrP/tcxFOtbPHEA==
=zfwp
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ