Message-ID: <20030109035411.82866.qmail@web14707.mail.yahoo.com>
From: anoncoder at yahoo.com (Jack Ahz)
Subject: Exploit for auth2-pam for vuln linux opensshd

Dear reader,
Yours truly would like to note the following:

Globalintersec Research is a hoax. Unbelievably, the only thing that makes me
angrier than a 0day factory like ISS, which churns out advisory after advisory
due to the unethical and illegal auditing of proprietary source code found on
irc and plan9.hert.org, is a security company consisting of complete morons
that is able to make money (SOMEHOW) by completely fooling the public.

KF, of GLOBALINTERSEC SECURITY, THIS MEANS YOU!

Note: At least ISS uses illegal means and genuine skills to audit proprietary
source code and find real, useful bugs.

Let's think about it. KF MADE THIS POST TO VULN-DEV:

-----------------------------
My question is does anyone know how to programmatically do this? Do I
need to make use of bit shifting or something? I need only a program to
print the list to the screen or something simple. Example output would 
be ...

AAAA
BBBBB
....
AAAB
AAAC
...
and so on but ONLY unique possibilities.

-KF
-----------------------------

NOTE THAT NOT EVEN THIS QUESTION WAS ERROR-FREE (THE SECOND ENTRY HAS 5 B'S)

So are we to believe that somebody lacking the most basic C-skillz is able to
craft an exploit for opensshd for linux?

Is it not apparent that if this bug were easily exploitable, SOME FUCKING IDIOT
would have already posted the exploit to packetstorm, like MR ZENITH PARSEC?


KF continues in his vuln-dev post,
"Hah this is great... and to think a simple question like that stumped my 
local java AND c++ instructors. "

Where did you go to school, the University of Swaziland?

Anyhow, I am straying off topic. Let not my hate of the KF cloud my message.

The point is this:
I have looked through the auth2-pam.c file a while ago, and determined that the
sshd daemon was certainly not exploitable in the way which was described in the
advisory, due to certain counter variables and corruption of the heap. Now,
this was a while ago, and I'm only going by what my own memory serves up.

The same goes for the FAKE GLOBALINTERSEC sudo advisory. It is quite apparent
that the gdb output was fabricated. Running neither one of those programs with
a few simple commands will cause some textbook heap corruption scenario where
the malloc chunk headers are 'merely overwritten' by a long string of A's. Even
Mr. FC could have crafted up an exploit in less than 8 months IF THAT WERE THE
CASE.

Solution:
KF[GLOBALINTERSEC], admit to the world that you are a fraud and faked gdb
output in an effort to gain fame. At least I applaud you for not signing your name
as 'KF' to your advisories. Globalintersec would have certainly been out of
business by now if that were the case.
If KF admits he is a liar, this will all stop.

Potential Counter-Solution:
Say KF does not admit he is a fraud. I will be forced to go back through a pile
of old worthless code to show that his exploitable condition is impossible
(which is not to say at all that exploitation in some way is impossible).

-- END --
