Open Source and information security mailing list archives
 
Message-ID: <871080DEC5874D41B4E3AFC5C400611ECFCF48@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: C99 Security Alert-Old-New-Who-Cares :) - (:

Normally I wouldn't bother pointing this stuff out, but if you're going
to accuse other people of having less than a third grade
education....well, people who throw stones shouldn't live in glass
houses....

operation systems?  NOT SUFFICANT???  AS POSSIABLE???  Intgreaty???

Maybe you should consider finishing school yourself, before you
criticize others.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

-----Original Message-----
From: democow .... [mailto:democow8086@...mail.com] 
Sent: Thursday, May 29, 2003 10:06 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:


SECURITY VUNERABILITY ALERT:

hello,
as a new white-hat hacker i would like to help the information security
industry by posting a new vulnerability in the the linux operating
system(this vulnerability may be present in many other operation systems
depending on their implementation of the c)

i am posting this vulnerability to help the security community support
itself in these troubled times, i know how hard it is for you to improve
you image in their media these days.. so i would like you to scam a few
more companies with some penetration tests.. and your "consulting"
services

AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING
INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO
PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS
POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD
HATE TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A
PROGRAM..(i do not consider writing a report something that anyone who
has a education beyond that of the 3rd grade something that has to be
learned by the corporate scam-artist )

-------|LOCATED IN /lib/string.c|-----

char * strcpy(char * dest,const char *src)
{
        char *tmp = dest;

      [1]  while ((*dest++ = *src++) != '\0')
                /* nothing */;
        return tmp;
}

as you can see at line [1] there is no length/intgreaty checking as src
is being inserted into dest

SOLUTION:
there is no solution to this problem if there were, one would be common
by now.. as we all know now there are no true standards worth following
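
Added example, not part of the original post or of /lib/string.c: the strcpy() loop quoted above stops only at src's terminator and never learns how large dest is, so a bounded copy has to take the destination size from the caller and report truncation. The name bounded_copy() and the sample inputs are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from /lib/string.c): copy src into dest, which
 * holds dest_size bytes. Always NUL-terminates when dest_size > 0.
 * Returns the number of bytes copied (excluding the NUL), or -1 if src
 * did not fit and was truncated. */
static long bounded_copy(char *dest, size_t dest_size, const char *src)
{
        size_t i;

        if (dest_size == 0)
                return -1;      /* no room even for the terminator */

        /* Stop at the terminator OR one byte before the end of dest. */
        for (i = 0; i < dest_size - 1 && src[i] != '\0'; i++)
                dest[i] = src[i];
        dest[i] = '\0';

        /* If src has not ended here, the copy was cut short. */
        return src[i] == '\0' ? (long)i : -1;
}

int main(void)
{
        char buf[8];
        /* Constructed sample inputs: fits, fits exactly, too long. */
        const char *inputs[] = { "short", "exactly", "far too long for buf" };

        for (size_t n = 0; n < sizeof(inputs) / sizeof(inputs[0]); n++) {
                long r = bounded_copy(buf, sizeof(buf), inputs[n]);
                printf("%-22s -> \"%s\" (%ld)\n", inputs[n], buf, r);
        }
        return 0;
}
```

A caller that ignores the -1 return still gets a terminated string inside dest, but silently truncated data can itself be a bug, so the return value should be checked.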
