Date: Sun, 18 Mar 2007 00:45:35 +0100
From: <fabiodancedjsupreme@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: fabios ultra vulnerability extravaganza

fabios ultra vulnerability extravaganza

[wireshark buffer overflow]
sscanf (data,
        "%6d   %1s   %6d  %d:%d:%d.%d               %12s  %12s  ETHV2   Type: %s",
        &pktnum, direction, &cap_len, &hr, &min, &sec, &csec, destmac,
        srcmac, type);
do not open iseries capture files!

[apache buffer overflow]
static void usage(process_rec *process)
{
    const char *bin = process->argv[0];
    char pad[MAX_STRING_LEN];
    unsigned i;

    for (i = 0; i < strlen(bin); i++) {
        pad[i] = ' ';
    }
this routine will fly over the buffer but only with the spaces

watch out for: MONTH OF FABIO!!!!!!!!! i get many attentions every day in month!

[nagios plugins (they are real nagios not just an extra)]
-check_http: many many overflow possibilities here course i'm the dj supremo:
#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
if (sscanf (pos, HD1, type, addr, port, url) == 4) {

-check_snmp: overflows too when understanding snmpget result:
char perfstr[MAX_INPUT_BUFFER] = "";
while (ptr) {
                foo = strstr (ptr, delimiter);
                strncat(perfstr, ptr, foo-ptr);
                strcat(perfstr, "=");
                strcat(perfstr, show);

loved the vulnerabilities? buy also my nice nude calendar!!

greets to zybadawg333 (i call u friend), omid, sapheal, hasadya raed, born to kill

by fabio dance dj supreme
(i'm fabio with darklong hair and i'm gotta make you M-O-V-E-move
to the G-R-O-V-E-grove)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
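
Added example, not part of the original post and not code from the Wireshark or Nagios plugins projects: the sscanf pattern the post quotes (a %s or %[...] conversion with no field width tied to the destination size), written with the width derived from the buffer and over-long input rejected instead of truncated. HOST_MAX, parse_host, host_is and overlong_rejected are hypothetical names; HOST_MAX stands in for MAX_IPV4_HOSTLENGTH, whose value the post does not give.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical capacity; stands in for MAX_IPV4_HOSTLENGTH (value not on the page). */
#define HOST_MAX 255
#define STR2(x) #x
#define STR(x) STR2(x)
#define HOST_SET "-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

/* Copy the leading host token of `in` into `out`, which must hold HOST_MAX + 1 bytes.
 * Returns 0 on success, -1 if there is no host or it does not fit. */
int parse_host(const char *in, char *out)
{
    int used = 0;
    /* Expands to "%255[...]%n": at most 255 characters are stored, plus the NUL. */
    if (sscanf(in, "%" STR(HOST_MAX) "[" HOST_SET "]%n", out, &used) != 1)
        return -1;
    /* Stopped by the width rather than by a delimiter: the host was too long. */
    if (in[used] != '\0' && strchr(HOST_SET, in[used]) != NULL)
        return -1;
    return 0;
}

/* 1 if `in` parses and its host equals `expect`, else 0. */
int host_is(const char *in, const char *expect)
{
    char host[HOST_MAX + 1];
    return parse_host(in, host) == 0 && strcmp(host, expect) == 0;
}

/* Constructed input: a 300-character host, longer than the buffer. */
int overlong_rejected(void)
{
    char in[301], host[HOST_MAX + 1];
    memset(in, 'a', 300);
    in[300] = '\0';
    return parse_host(in, host) == -1;
}

int main(void)
{
    printf("normal=%d overlong_rejected=%d\n",
           host_is("example.com:80/status", "example.com"), overlong_rejected());
    return 0;
}
```

The %n check matters because a width-limited conversion succeeds on over-long input by silently truncating it, which would otherwise pass a shortened host on to later code.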
