Date: Thu, 2 Dec 2010 21:50:40 +0100
From: Jens Christian Hillerup <jens@...lerup.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)

Dropping a 0day for y'all.

So I found a vulnerability in the license management code in this
software. It's off the top of my head, and is presented in an untested
state. It seems, however, that if you continue using the software
*after* the free 30-day trial it will actually continue working! This
is due to a very weak license management implementation, relying on
the user agreeing to remove the software after having used it for a
total of thirty days.

This flaw affects all known builds of the source code posted, and
stands currently with no workaround or hotfix. The vendor has yet to
be contacted, but is expected to push a patch for this vuln any day
now.

-jc

On Thu, Dec 2, 2010 at 9:30 PM, netinfinity
<netinfinity.securitylab@...il.com> wrote:
>
> How much is the commercial version?
>
> I'd like to buy it for my hosting company.
>
> On Thu, Dec 2, 2010 at 7:18 PM, <vulnscan@...hmail.com> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Esteemed members of the Full Disclosure mailing list,
>>
>> In the wake of the recent compromise of the ProFTPd distribution
>> server and the subsequent root-level backdoor that was placed into
>> the source[0], we are proud to announce a cutting edge source code
>> scanner that will help you detect backdoors in your code. This code
>> is free to use for 30 days, after which time you must pay for it.
>>
>>
>> - ------------- el8 Vuln Scan v.0.1 -------------
>>
>> #!/bin/bash
>>
>> ###################################################################
>> #
>> # Place this script inside the top level directory of your
>> # source code repo.
>> #
>> # Please delete this after 30 days, or purchase a copy from our
>> # online store.
>> #
>> # 50% of all proceeds will go to the victims that have been
>> # owned by ACIDBITCHES within the past 6 years.
>> #
>> ###################################################################
>>
>> # main
>>
>> export PATH=/bin
>>
>> grep -r ACIDBITCHES *
>>
>> - ------------- el8 Vuln Scan v.0.1 -------------
>>
>>
>> Thank you for helping us to help you make the Internet a safer
>> place.
>>
>>
>> [0] http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/7965
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> www.google.com
>

