| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro) Subject: About eMule web server "Buffer Overflow" discovered vulnerability sorry , i sent the message only to nathan, ;-) here is it. best regards. ----- Original Message ----- From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com> To: <nathan.grandbois@...dant.com> Sent: Friday, October 24, 2003 6:56 PM Subject: Re: [Full-Disclosure] About eMule web server "Buffer Overflow" discovered vulnerability > Hi nathan, > yeah , its many common to use in a bad context. > many common when somebody talks about a thing that it's not known. > ;-) > FOR ALL MEMBERS: > is somebody going to stay in spanish SIMO TCI ??? ( like the 3 and other > technology meetings ) > its really good except some stands: > Microsoft -> The worst dj's of the world > The spin cow shits > .-SPANISH GOVERNMENT-. > MCIT -> > The worst i+d help to little enterprises > The worst services > Pure liers about high band connections , they promise > cheaper connections but they don't do nothing !!! > > Best regards to all, > ------------------------------- > 0x00->Lorenzo Hernandez Garcia-Hierro > 0x01->\x74\x72\x75\x6c\x75\x78 > 0x02->The truth is out there, > 0x03-> outside your mind . > __________________________________ > PGP: Keyfingerprint > 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B > ID: 0x91805F5B > ********************************** > \x6e\x73\x72\x67 > \x73\x65\x63\x75\x72\x69\x74\x79 > \x72\x65\x73\x65\x61\x72\x63\x68 > http://www.nsrg-security.com > ______________________ > ----- Original Message ----- > From: "Nathan" <nathan.grandbois@...dant.com> > To: "'Lorenzo Hernandez Garcia-Hierro'" <lorenzohgh@...g-security.com> > Sent: Friday, October 24, 2003 6:51 PM > Subject: RE: [Full-Disclosure] About eMule web server "Buffer Overflow" > discovered vulnerability > > > > I agree, people use it in the wrong context very often. > > > > -----Original Message----- > > From: Lorenzo Hernandez Garcia-Hierro > > [mailto:lorenzohgh@...g-security.com] > > Sent: Friday, October 24, 2003 12:02 PM > > To: nathan.grandbois@...dant.com > > Subject: Re: [Full-Disclosure] About eMule web server "Buffer Overflow" > > discovered vulnerability > > > > > > Thanks Nathan. > > it seems a stupid expression xD > > best regards, > > ------------------------------- > > 0x00->Lorenzo Hernandez Garcia-Hierro > > 0x01->\x74\x72\x75\x6c\x75\x78 > > 0x02->The truth is out there, > > 0x03-> outside your mind . > > __________________________________ > > PGP: Keyfingerprint > > 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B > > ID: 0x91805F5B > > ********************************** > > \x6e\x73\x72\x67 > > \x73\x65\x63\x75\x72\x69\x74\x79 > > \x72\x65\x73\x65\x61\x72\x63\x68 > > http://www.nsrg-security.com > > ______________________ > > ----- Original Message ----- > > From: "Nathan" <nathan.grandbois@...dant.com> > > To: "'Lorenzo Hernandez Garcia-Hierro'" <lorenzohgh@...g-security.com> > > Sent: Friday, October 24, 2003 6:04 PM > > Subject: RE: [Full-Disclosure] About eMule web server "Buffer Overflow" > > discovered vulnerability > > > > > > > LOL=Laughing out Loud > > > > > > -----Original Message----- > > > From: full-disclosure-admin@...ts.netsys.com > > > [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Lorenzo > > > Hernandez Garcia-Hierro > > > Sent: Friday, October 24, 2003 10:13 AM > > > To: Full-Disclosure > > > Cc: BUGTRAQ > > > Subject: [Full-Disclosure] About eMule web server "Buffer Overflow" > > > discovered vulnerability > > > > > > > > > Hi again, > > > Umm , i've read in the website of my friend , 3APA3A , ( > > security.nnov.ru ) > > > a person discovered a supposed "Buffer Overflow" in the eMule > > > webserver used for remote administration. > > > It is not a Buffer Overflow , you don't corrupt the stack and then > insert > > > data to gain shell access or similar > > > and definately it is not a non-remote exploitable buffer oveflow, > > > it is only a typical Denial of Service attack against an incorrect data > > > handler with the only protection of the user side. > > > So , if you read one of my past advisories you can see my advisory about > > > Sambar Server search.pl Buffer Overflow, > > > it was wrong too xD , i was confused but long time passed since that > > > advisory. > > > Its common to confuse the DoS attacks and Buffer Overflows. > > > NOTE: the search.pl script of sambar had the same problem , an incorrect > > > input data handler that allowed to make DoS attacks against > > > the sambar webserver and the perl executable ( i wrote Buffer Overflow > due > > > to this , i didn't know if the perl executable could allow to > > > corrupt the stack or similar ), so it was only a DoS , simple and easy. > > > > > > Best regards to all, > > > PS: can somebody tell me about the l0l experssion ? is it laughting on > the > > > loud ? xD a stupid question i know ! > > > ------------------------------- > > > 0x00->Lorenzo Hernandez Garcia-Hierro > > > 0x01->/* not csh but sh */ > > > 0x02->$ PATH=pretending!/usr/ucb/which sense > > > 0x03-> no sense in pretending! > > > __________________________________ > > > PGP: Keyfingerprint > > > 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B > > > ID: 0x91805F5B > > > ********************************** > > > No Secure Root Group Security Research Team > > > http://www.nsrg-security.com > > > ______________________ > > > > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > > > > > > > > >
Powered by blists - more mailing lists