| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: slotto at gmail.com (Slotto Corleone) Subject: H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security) -- .bash_history from the drunken.fi.st box cd GOBBLES_dvdman uuencode haxorpc.jpg yo | mail research@...traq.org -- Please return dvdman's copyright material before continuing any further communication. Thank you. On Fri, 30 Apr 2004 00:32:37 -0400, Richard Johnson <thief@...traq.org> wrote: > > On Thu, Apr 29, 2004 at 03:56:50PM -0700, Slotto Corleone wrote: > > - rave gets his account backdoored on kokanin's box. He finds the > > obviously placed bindshell stashed as ~/bin/zsh. He laughs and says > > the backdoor was lame. Well he obviously missed the getpass() > > LD_PRELOAD, ssh, and passwd all on his local account mailing all his > > new passwords out. Oh, and he left an exploit (servu.c) in his > > directory for the version of servu ftpd he was running on his home > > windows machine. Oops. > > Care to share any additional information on how this described FreeBSD > kernel bug can be exploited? > > We are ready to pay top dollar for this information, to whoever comes > forward with it. > > -- > Richard Johnson, CISSP > Senior Security Researcher > iDEFENSE Inc. > thief@...traq.org > > Get paid for security stuff!!!!!! > http://www.idefense.com/contributor.html > >
Powered by blists - more mailing lists