Message-ID: <389AAADB.10019473@mail.gmail.com>
From: slotto at gmail.com (Slotto Corleone)
Subject: H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)

-- .bash_history from the drunken.fi.st box
cd GOBBLES_dvdman
uuencode haxorpc.jpg yo | mail research@...traq.org
--

Please return dvdman's copyright material before continuing any
further communication. Thank you.

On Fri, 30 Apr 2004 00:32:37 -0400, Richard Johnson <thief@...traq.org> wrote:
> 
> On Thu, Apr 29, 2004 at 03:56:50PM -0700, Slotto Corleone wrote:
> > - rave gets his account backdoored on kokanin's box. He finds the
> > obviously placed bindshell stashed as ~/bin/zsh. He laughs and says
> > the backdoor was lame. Well he obviously missed the getpass()
> > LD_PRELOAD, ssh, and passwd all on his local account mailing all his
> > new passwords out. Oh, and he left an exploit (servu.c) in his
> > directory for the version of servu ftpd he was running on his home
> > windows machine. Oops.
> 
> Care to share any additional information on how this described FreeBSD
> kernel bug can be exploited?
> 
> We are ready to pay top dollar for this information, to whoever comes
> forward with it.
> 
> --
> Richard Johnson, CISSP
> Senior Security Researcher
> iDEFENSE Inc.
> thief@...traq.org
> 
> Get paid for security stuff!!!!!!
> http://www.idefense.com/contributor.html
> 
>

