lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: fx at phenoelit.de (FX)
Subject: DMCA & Source Tree Abuse

> ----- Forwarded message from Jack Ahz <anoncoder@...oo.com> -----
> The latest striking example is this Phrack article entitled "Burning the
> bridge: Cisco IOS exploits" by the german hacker FX. While the author makes
> several bold claims that he relied purely on the powers of the Force to reverse
> engineer IOS internals, it is quite apparent that the coincidence that IOS 11.3
> is the only
> known version to have leaked widely to the computer underground and IOS 11.3 is
> the only version his exploit works on is slim indeed! I'm sure he figured out
> malloc chunk fields such as 'Last deallocation address' purely on his own, just
> by tinkering around on the serial line.

AFAIK, the code that leaked is 11.2. At least, that's what ppl offer. 
The information (funny: especially the "Last deallocation address") were taken
from PPT shows known as "Networker" off the public cisco.com site. 

And the simple reason for knowing 11.3 best: Got a 11.3 box here and 12.0 is
not vulnerable. 

cheers
FX

-- 
         FX           <fx@...noelit.de>
      Phenoelit   (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ