Open Source and information security mailing list archives
 
Message-ID: <200303091014.h29AErdt044402@mailserver2.hushmail.com>
From: argv at hushmail.com (ARGV)
Subject: [argv] sockz loves file exploit exploit

-----BEGIN PGP SIGNED MESSAGE-----


1. Topic:
	sockz loves file exploit exploit

2. Relevant versions:
        Vulnerable: ALL!

        Not Vulnerable:  NONE!

3. Problem description:
	The problem is rooted in script kiddies writing exploits for
	someone else's bad code, yet can't keep exploitable bugs out of their
	own 20 line code.  PRAISE THE OMNIPOTENT BLACKHAT!!!!

	We believe the problem comes from line 22, where is found
	the obfuscated comment:

	// I don't really know how to code, i just rip code and paste in
	// different string thingies

	We believe the above information to be correct, but we will need to
	perform a more thorough analysis of this incredibly complex piece
	of software.

	http://marc.theaimsgroup.com/?l=bugtraq&m=104696992100353&q=p3

	if(!argv[1]) usage(argv[0]);
	^ null pointer dereference

	sprintf(tmp,"echo>%s",evilfile);
	^ no bounds checking!! exploit!!
	system(tmp);
	^ no sanity checks!! evilfile = "blahblah | rm -rf /"
	fd=open(evilfile,O_WRONLY);
	^ whoa, what if it can't be opened?

	elfhdr.e_type=1; //type should by NOT ET_CORE (4) & NOT ET_EXEC (2)
					^ typo

4. Workaround:
	Read your "C in 24 hours" again, oh elite h4x0r
	Rinse
	Repeat
	Enlighten us yet again with your incredible works of art

5. References:
	GREETZ TO SOCKZ FOR THIS EXPLOIT!! WE LOVE YOUR INCESSANT RAMBLINGS,
	AND LOOK FORWARD TO MANY MORE!!

6. Contact:
        argv@...hmail.com


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlkEARECABkFAj5rEdkSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9BkprUQAn0c3
pGeVtgwcn49eAOBOi2b2zJUQAKCz9as95fDQrLJ2YOR5T1U5wse7OA==
=G+4G
-----END PGP SIGNATURE-----
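
The annotations in section 3 flag an unbounded sprintf(), a shell invoked on an unchecked file name, and an unchecked open(). The following is an added example, not part of the original message or of the code it quotes, showing one way to create or truncate the file with none of those defects; the helper names open_truncated and write_all and the sample data are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): create or truncate `path`
 * and return a write-only descriptor, or -1 with errno set. */
int open_truncated(const char *path)
{
    if (path == NULL || path[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* No fixed-size buffer and no shell: the path reaches the kernel as a
     * single argument, so '|' or ';' are only bytes in a file name. */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Write the whole buffer, retrying on short writes and EINTR. */
int write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {    /* check the count before touching argv[1] */
        fprintf(stderr, "usage: %s <file>\n", argc > 0 ? argv[0] : "prog");
        return 2;
    }
    int fd = open_truncated(argv[1]);
    if (fd < 0) {       /* report the failure instead of using a bad fd */
        perror(argv[1]);
        return 1;
    }
    static const char sample[] = "constructed sample data\n";
    int rc = write_all(fd, sample, sizeof sample - 1);
    return (close(fd) == 0 && rc == 0) ? 0 : 1;
}
```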



