lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b086760e0908010625n18a190f5gf638900e177a99e5@mail.gmail.com>
Date: Sat, 1 Aug 2009 15:25:46 +0200
From: yersinia <yersinia.spiros@...il.com>
To: Kingcope <kcope2@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk, advisories@...ern0t.net
Subject: Re: THISISNOTMYEXPLOIT

On Fri, Jul 31, 2009 at 5:58 PM, Kingcope<kcope2@...glemail.com> wrote:
> Hello people,
> Yes there is a warning when the PoC is compiled. But I guess that is
> not a big issue.

No, problem. It is only necessary to include stdlib.h because malloc
is implicitily defined (gcc complaint). Anyway,  your POC work as
aspected. Thanks. In this days it is difficult to see a true exploit
in a mailing list. The fact that bug was discovered from someone else
is not important : you have rewritten in another language, so it is
only your work.

Regards
> So about what PoC am I talking about?
> It seems that the moderator of bugtraq keeps blocking me because of fancy
> headlines maybe. The moderator of bugtraq blocked the actual exploit but let
> the following messages slip through. The PoC is on milw0rm.com and
> full disclosure.
> Thanks for clarifying the issue with the zones, I really have not a
> 100% understanding
> of the DNS protocol therefore I took a guess on my named.conf file and put the
> address into the PoC.
>
> Thanks for your time,
>
> Kingcope
>
>
> 2009/7/31 yersinia <yersinia.spiros@...il.com>:
>> Repost for mailing problem.
>> On Fri, Jul 31, 2009 at 12:14 AM, yersinia <yersinia.spiros@...il.com> wrote:
>>>
>>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope <kcope2@...glemail.com> wrote:
>>>>
>>>> Hello again,
>>>> the default setting of 127.in-addr.arpa is a bit weird
>>>>
>>>> try
>>>> ./bind <ip> localhost
>>>
>>> Never mind. I have only a warning from gcc because it was necessary to include stdlib.h for malloc.
>>>
>>> But, the important thing is that it works as aspected.
>>>
>>> Regards
>>>>
>>>> lewls
>>>>
>>>> XD
>>>>
>>>> kcope
>>>>
>>>> 2009/7/30 Kingcope <kcope2@...glemail.com>:
>>>> > I own nothing.
>>>> >
>>>> > Cheers,
>>>> >
>>>> > kcope
>>>> >
>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ