lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTi=3yjY==qRJ99Qh0aSRdT2OO_Tse9e-UF92z+E1@mail.gmail.com>
Date: Thu, 2 Dec 2010 21:50:40 +0100
From: Jens Christian Hillerup <jens@...lerup.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: New Source Code Vulnerability Scanner (Free
 30 Day Trial)

Dropping a 0day for y'all.

So I found a vulnerability in the license management code in this
software. It's off the top of my head, and is presented in an untested
state. It seems, however, that if you continue using the software
*after* the free 30-day trial it will actually continue working! This
is due to a very week license management implementation, relying on
the user agreeing to remove the software after having used it for a
total of thirty days.

This flaw affects all known builds of the source code posted, and
stands currently with no workaround or hotfix. The vendor has yet to
be contacted, but is expected to push a patch for this vuln any day
now.

-jc

On Thu, Dec 2, 2010 at 9:30 PM, netinfinity
<netinfinity.securitylab@...il.com> wrote:
>
> How much is the commercial version?
>
> I'd like to buy it for my hosting company.
>
> On Thu, Dec 2, 2010 at 7:18 PM, <vulnscan@...hmail.com> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Esteemed members of the Full Disclosure mailing list,
>>
>> In the wake of the recent compromise of the ProFTPd distribution
>> server and the subsequent root-level backdoor that was placed into
>> the source[0], we are proud to announce a cutting edge source code
>> scanner that will help you detect backdoors in your code. This code
>> is free to use for 30 days, after which time you must pay for it.
>>
>>
>> - ------------- el8 Vuln Scan v.0.1 -------------
>>
>> #!/bin/bash
>>
>> ###################################################################
>> #
>> # Place this script inside the top level directory of your
>> # source code repo.
>> #
>> # Please delete this after 30 days, or purchase a copy from our
>> # online store.
>> #
>> # 50% of all proceeds will go to the victims that have been
>> # owned by ACIDBITCHES within the past 6 years.
>> #
>> ###################################################################
>>
>> # main
>>
>> export PATH=/bin
>>
>> grep -r ACIDBITCHES *
>>
>> - ------------- el8 Vuln Scan v.0.1 -------------
>>
>>
>> Thank you for helping us to help you make the Internet a safer
>> place.
>>
>>
>> [0]
>> http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-
>> sigs/7965
>> -----BEGIN PGP SIGNATURE-----
>> Charset: UTF8
>> Version: Hush 3.0
>> Note: This signature can be verified at https://www.hushtools.com/verify
>>
>> wpwEAQMCAAYFAkz34wkACgkQnCf21LwRaXbdlwP/bRK2S7SA77h05jF1cdBty4hefooL
>> Zx0GOeABoqTZKnaNuKxGqwdPtg7fyNctrb7iMzehzJWBXnAD1Zik2UCujZINxeE8BFhw
>> yTN9gshJZB1cdWSHwxQdiB+NqS9eRqg3s0J8i/9EjzNVkgX4EJTJZMXv9oEUDCgwW92h
>> 7KFZMWU=
>> =mJJI
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> www.google.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ