Message-ID: <9E97F0997FB84D42B221B9FB203EFA275CBB90@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Shoe 1.0 - Remote Lace Overflow

Very funny, nice work. 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.netsys.com 
> [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf 
> Of announce@...0.org
> Sent: Wednesday, December 22, 2004 10:21 AM
> To: bugtraq@...urityfocus.com; dailydave@...unitysec.com; 
> full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow
> 
>  Shoe 1.0 - Remote Lace Overflow
>  --------------------------------------------
> 
>  This Vulnerability is in reference to the new class of 
> remote vulnerabilities  indicated in: 
>  http://www.securityfocus.com/archive/1/385078/2004-12-19/2004-12-25/2
>  [Please read that first] 
> 
>  Discovery Credited To:
>  ----------------------
>  	freshman - 0x90.org
>  	wxs      - 0x90.org
>  	txs      - 0x90.org
> 
>  Greets:
>  -------
>  Jonathan T. Rockway for being the smartest man alive.
> 
>  Description:
>  ------------
>  A remote shoe vulnerability exists that could allow for 
> remote tripping and  possible exposure of sensitive data to 
> the pavement.
> 
>  Scope:
>  ------
>  REMOTE
> 
>  Severity:
>  ---------
>  Hyper-Critical. This needs no explanation.
> 
>  Vulnerability:
>  --------------
>  Failure to properly tie your shoe could result in tripping 
> and a possible  broken face upon sudden deceleration when 
> hitting the pavement.
> 
>  Vulnerable Sizes: 
>  -----------------
>  6 through 13. Other sizes may be vulnerable, but were 
> unavailable for testing.
> 
>  Exploitation:
>  -------------
>  You have a 100% secure walking system - you do not fall 
> down, or trip over  your own laces.  A remote attacker could 
> determine your shoe size by reading  your livejournal FROM 
> THE NETWORK and could MAIL YOU a shoe with extra long  laces. 
>  You put the shoe on without tying it properly and suddenly 
> are exposed  to a REMOTE shoe vulnerability!
> 
>  Fix:
>  ----
>  Do not wear untrusted shoes sent to you. Other possible 
> workarounds include  sandals (aka. flip-flops). These are a 
> good work-around and are widely  available for those 
> concerned about their security. 
> 
>  Vendor Notification:
>  --------------------
>  Vendors were not notified at the time of this writing.  We 
> have chosen not to give advance notice because the fault is 
> not always with the vendor of the  shoe as a REMOTE PERSON 
> could SNAIL MAIL a LOCAL USER a  vulnerable shoe.
> 
>  We at 0x90.org believe that the users should be happy they 
> were notified about  this.  Imagine the mass destruction and 
> chaos that would ensue if we unleashed  a REMOTE SHOE 
> VULNERABILITY WORM into the wild.  At this time we have 
> chosen not to do that, mostly because we can not afford all 
> the stamps to mail  vulnerable shoes to the public.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

