lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: d4yj4y at yahoo.com (Day Jay)
Subject: [argv] PHC Threatcon Monitor & Hacklog Vulnerable

LMFAO!

LOLZ!



--- ARGV <argv@...hmail.com> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> 1. Topic:
> 	Threatcon monitor
> 	Hacklog
> 
> 	OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL
> 
> 2. Relevant versions:
>         Vulnerable: 1.0
> 
>         Not Vulnerable:  NONE!
> 
> 3. Problem description:
> 	OMG WTF LOL!
> 
> 	http://phrack.efnet.ru/threatbar.c
> 
> 	if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0)
> 
> 	OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!!
> 
> 	TMP RACE 101:
> 		MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING
> FILENAME
> 		WAIT FOR 31337 H4X0R TO RUN THREATBAR
> 		...
> 		PROFIT!
> 
> 	http://phrack.efnet.ru/hacklog.c
> 
> 	OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!!
> 
>  	if (argc != 3)
>         {
> 	fprintf (stderr, "Usage: %s <typescript>
> <timing-file>\n",
>                  argv[0]);
> 
> 	WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF
> LOL!!!
> 
> 4. Workaround:
> 	BOW DOWN TO ME, THE GREAT TSAO
> 	ME SO SMART OMG WTF LOL!!!
> 
> 5. References:
> 	THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!!
> 
> 6. Contact:
>         argv@...hmail.com
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at
> https://www.hushtools.com/verify
> 
>
wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB
>
0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g==
> =83gT
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> Concerned about your privacy? Follow this link to
> get
> FREE encrypted email: https://www.hushmail.com/?l=2 
> 
> Big $$$ to be made with the HushMail Affiliate
> Program: 
>
https://www.hushmail.com/about.php?subloc=affiliate&l=427
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ