Open Source and information security mailing list archives
Message-ID: <9E97F0997FB84D42B221B9FB203EFA275CBB90@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Shoe 1.0 - Remote Lace Overflow

Very funny, nice work.

> -----Original Message-----
> From: full-disclosure-bounces@...ts.netsys.com
> [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf
> Of announce@...0.org
> Sent: Wednesday, December 22, 2004 10:21 AM
> To: bugtraq@...urityfocus.com; dailydave@...unitysec.com;
> full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow
>
> Shoe 1.0 - Remote Lace Overflow
> --------------------------------------------
>
> This Vulnerability is in reference to the new class of
> remote vulnerabilities indicated in:
> http://www.securityfocus.com/archive/1/385078/2004-12-19/2004-12-25/2
> [Please read that first]
>
> Discovery Credited To:
> ----------------------
> freshman - 0x90.org
> wxs - 0x90.org
> txs - 0x90.org
>
> Greets:
> -------
> Jonathan T. Rockway for being the smartest man alive.
>
> Description:
> ------------
> A remote shoe vulnerability exists that could allow for
> remote tripping and possible exposure of sensitive data to
> the pavement.
>
> Scope:
> ------
> REMOTE
>
> Severity:
> ---------
> Hyper-Critical. This needs no explanation.
>
> Vulnerability:
> --------------
> Failure to properly tie your shoe could result in tripping
> and a possible broken face upon sudden deceleration when
> hitting the pavement.
>
> Vulnerable Sizes:
> -----------------
> 6 through 13. Other sizes may be vulnerable, but were
> unavailable for testing.
>
> Exploitation:
> -------------
> You have a 100% secure walking system - you do not fall
> down, or trip over your own laces. A remote attacker could
> determine your shoe size by reading your livejournal FROM
> THE NETWORK and could MAIL YOU a shoe with extra long laces.
> You put the shoe on without tying it properly and suddenly
> are exposed to a REMOTE shoe vulnerability!
>
> Fix:
> ----
> Do not wear untrusted shoes sent to you. Other possible
> workarounds include sandals (aka. flip-flops). These are a
> good work-around and are widely available for those
> concerned about their security.
>
> Vendor Notification:
> --------------------
> Vendors were not notified at the time of this writing. We
> have chosen not to give advance notice because the fault is
> not always with the vendor of the shoe as a REMOTE PERSON
> could SNAIL MAIL a LOCAL USER a vulnerable shoe.
>
> We at 0x90.org believe that the users should be happy they
> were notified about this. Imagine the mass destruction and
> chaos that would ensue if we unleashed a REMOTE SHOE
> VULNERABILITY WORM into the wild. At this time we have
> chosen not to do that, mostly because we can not afford all
> the stamps to mail vulnerable shoes to the public.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>