lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: democow8086 at hotmail.com (democow ....)
Subject: C99 Security Alert-Old-New-Who-Cares :) - (:

SECURITY VUNERABILITY ALERT:

hello,
as a new white-hat hacker i would like to help the information security 
industry by posting a new vulnerability in the the linux operating 
system(this vulnerability may be present in many other operation systems 
depending on their implementation of the c)

i am posting this vulnerability to help the security community support 
itself in these troubled times, i know how hard it is for you to improve you 
image in their media these days.. so i would like you to scam a few more 
companies with some penetration tests.. and your “consulting” services

AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING 
INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO 
PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY   CONSULTING COMPANIES AS 
POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE 
TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not 
consider writing a report something that anyone who has a education beyond 
that of the 3rd grade something that has to be learned by the corporate 
scam-artist )

-------|LOCATED IN /lib/string.c|-----

char * strcpy(char * dest,const char *src)
{
        char *tmp = dest;

      [1]  while ((*dest++ = *src++) != '\0')
                /* nothing */;
        return tmp;
}

as you can see at line [1] there is no length/intgreaty checking as src is 
being inserted into dest

SOLUTION:
there is no solution to this problem if there were, one would be common by 
now.. as we all know now there are no true standards worth following

just a reminder,
democow “the teat-less wonder”

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ