lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Mar 2007 00:45:35 +0100 From: <fabiodancedjsupreme@...hmail.com> To: <full-disclosure@...ts.grok.org.uk> Cc: Subject: fabios ultra vulnerability extravaganza fabios ultra vulnerability extravaganza [wireshark buffer over flow] sscanf (data, "%6d %1s %6d %d:%d:%d.%d %12s %12s ETHV2 Type: %s", &pktnum, direction, &cap_len, &hr, &min, &sec, &csec, destmac, srcmac, type); donot open iseries capturefiles! [apache buffer over flow] static void usage(process_rec *process) { const char *bin = process->argv[0]; char pad[MAX_STRING_LEN]; unsigned i; for (i = 0; i < strlen(bin); i++) { pad[i] = ' '; } this routin will fly over buffer but only with the spaces watch out for: MONTH OF FABIO!!!!!!!!! i get many attentions every day in month! [nagios plugins(they are real nagios not just a extra] -check_http: many many overflow possibillys here course im the dj supremo: #define URI_HOST "%[- ..abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]" #define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH addr = malloc (MAX_IPV4_HOSTLENGTH + 1); if (sscanf (pos, HD1, type, addr, port, url) == 4) { -check_snmp: overflows to when understanding snmpget resullt: char perfstr[MAX_INPUT_BUFFER] = ""; while (ptr) { foo = strstr (ptr, delimiter); strncat(perfstr, ptr, foo-ptr); strcat(perfstr, "="); strcat(perfstr, show); loved the vulnerabilitys? buy also my nice nude calendar!! greats to zybadawg333 (i call u frend ),omid,sapheal,hasadya raed,born to kill by fabio dance dj supreme (i'm fabio with darklong hair and i'm gotta make you M-O-V-E-move to the G-R-O-V-E-grove) -- Click for free info on getting an MBA and make $200K/ year http://tagline.hushmail.com/fc/CAaCXv1I83CeqRUuciNVIIqk41z7nLAB/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists