| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061126011921.S13323@ubzr.zsa.bet> Date: Sun, 26 Nov 2006 01:21:50 -0600 (CST) From: "J.A. Terranson" <measl@....org> To: Sean Comeau <scomeau@...secwest.com> Cc: full-disclosure@...ts.grok.org.uk, dead code crew <dead.code.crew@...l.ru> Subject: Re: *BSD banner INT overflow vulnerability On Wed, 22 Nov 2006, Sean Comeau wrote: > On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote: > > > > %uname -sir > > FreeBSD 6.1-RELEASE GENERIC > > %gdb banner > > (gdb) r -w 17000000 > > Program received signal SIGSEGV, Segmentation fault. > > 0x01010101 in ?? () > > > > This doesn't crash banner on OpenBSD, FreeBSD 4.10R doesn't give a shit either. > and even if it did who cares? What would anyone accomplish by making > this setuid root? -bash-2.05b$ ls -al /usr/bin/banner -r-xr-xr-x 1 root wheel 16136 May 25 2004 /usr/bin/banner Good question. -- Yours, J.A. Terranson sysadmin@....org 0xBD4A95BF "Surely the larger lesson learned from that day is that other men, all over the world, took inspiration not from the heroism of the rescuers in New York or the passengers flying over Pennsylvania, but from the 19 hijackers - the twisted brilliance of their scheme and their willingness to sacrifice their lives to make a political and, as they saw it, religious statement." Richard Corliss/Time Magazine 11 Aug 2006 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists