| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Nov 2006 00:35:10 +1300 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: *BSD banner INT overflow vulnerability daylasoul@...h.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, 26 Nov 2006 01:21:50 -0600 "J.A. Terranson" <measl@....org> > wrote: > >On Wed, 22 Nov 2006, Sean Comeau wrote: > > > >> On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote: > >> > > >> > %uname -sir > >> > FreeBSD 6.1-RELEASE GENERIC > >> > %gdb banner > >> > (gdb) r -w 17000000 > >> > Program received signal SIGSEGV, Segmentation fault. > >> > 0x01010101 in ?? () > >> > > >> > >> This doesn't crash banner on OpenBSD, > > > >FreeBSD 4.10R doesn't give a shit either. > > > >> and even if it did who cares? What would anyone accomplish by > >making > >> this setuid root? > > > > -bash-2.05b$ ls -al /usr/bin/banner > > -r-xr-xr-x 1 root wheel 16136 May 25 2004 /usr/bin/banner > > > >Good question. > > > >-- > >Yours, > > > >J.A. Terranson > >sysadmin@....org > >0xBD4A95BF > > > >"Surely the larger lesson learned from that day is that other men, > >all > >over the world, took inspiration not from the heroism of the > >rescuers in > >New York or the passengers flying over Pennsylvania, but from the > >19 > >hijackers - the twisted brilliance of their scheme and their > >willingness > >to sacrifice their lives to make a political and, as they saw it, > >religious statement." > > > >Richard Corliss/Time Magazine > >11 Aug 2006 > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > Please maintain a reasonable standard of netiquette when posting. > Thanks. Who died and made you list-nanny? Oh, that's right no-fucking-one. Your pathetic posts contribute nothing but noise to the list -- piss off... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists