lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <238db9430601262107o779bee9ej3e7bac1e84104d05@mail.gmail.com>
Date: Fri Jan 27 10:10:02 2006
From: whatstheaddress at gmail.com (Ryan Smith)
Subject: Shareaza Remote Vulnerability

Thanks Todd, the correct link is
http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad,
I believe what you mean is that I completed 20% of a job, and the job was
correct.  I am sorry you feel my work was incomplete; do you still feel like
you recieved a deliverable that matches the dollar amount you spent on the
research?

On 1/26/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> where is your proof then that the remote execution is possible, the
> shareaza maker wont probably care until you add a proof on what do you
> claim as exploitable..
> You just made like 20% of a correct job ...
>
>
> Ryan Smith wrote:
> > There is a vulnerability in the current version of Shareaza, a P2P
> > file sharing product.  It results in remote code execution.  Please
> >  see the advisory for more details.  There is no patch.
> >
> > Credit: These vulnerabilities were discovered and researched by
> > Ryan Smith.
> >
> > Contact: WhatsTheAddress@...il.com
> > <mailto:WhatsTheAddress@...il.com>
> >
> > Details: http://www.hustlelabs.com/
> > <
> http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> >
> >
> > _______________________________________________ Full-Disclosure -
> > We believe in it. Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> > sponsored by Secunia - http://secunia.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>
> iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo
> e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL
> M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW
> zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD
> XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX
> truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI
> uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN
> iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT
> jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX
> 0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y
> JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls
> kAI1sXRWbQ0=
> =4/ii
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060126/4e08ed2a/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ