Date: Fri, 21 Oct 2011 14:57:30 +0100
From: Darren Martyn <d.martyn.fulldisclosure@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [SECURITY][GNAA 1488-1] slimhttpd security-update

Had to giggle when I saw it yesterday. ALMOST got nimped too at that,...

On Thu, Oct 20, 2011 at 9:33 PM, xD 0x41 <secn3t@...il.com> wrote:

> eep yep sorry but i had a chuckle :P
> lol.
>
>
>
> On 21 October 2011 02:09, Laurelai <laurelai@...echan.org> wrote:
>
>> On 10/19/2011 06:47 PM, N Za wrote:
>> > -----BEGIN HASH SIGNED MESSAGE-----
>> > Hash: Bubble
>> >
>> > - -------------------------------------------------------------------------
>> > GNAA Security Advisory GNAA-1488-1                   security () gnaa eu
>> > http://security.on.nimp.org/                           N Za
>> > October 19, 2011                        http://security.on.nimp.org/faq/
>> > - -------------------------------------------------------------------------
>> >
>> > Package        : slimhttpd
>> > Vulnerability  : several
>> > Problem type   : local
>> > GNOS-specific bug: no
>> > GNOS Bug       :  101
>> >
>> > In the package `` slimhttpd'' found at https://github.com/ajwak95/SlimHTTPD there exist several vulnerabilities.
>> >
>> > After cc httpd.c -o httpd I run slimhttpd with index.html with lines longer than 256 characters and receive:
>> > [1]    1386 segmentation fault (core dumped)  ./http
>> >
>> > Also after I run slimhttpd and kill -9 it I am unable to restart server for several minutes due to lack of set SO_REUSEADDR on socket.
>> >
>> > I tried to contact the vendor Alex Conroy, ajwak95, but he is too scared to use freenode irc.
>> >
>> >   About SlimHTTPD:
>> >
>> > ripe with gaping vulnerabilities
>> >
>> >   About ajwak95:
>> >
>> > underage
>> >
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> Did any of the other channers on the list laugh uncontrollably at this?
>>
>>
>
>
>
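
The two defects reported in the advisory quoted above, handled defensively in C. This is an added example, not code from SlimHTTPD or from anyone in this thread; it assumes the crash comes from a fixed 256-byte line buffer (httpd.c is not shown on this page), and `make_listener`, `send_file` and port 8080 are illustrative names and values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define LINE_BUF 256  /* assumed size, taken from the 256-character report */

/* Create a loopback listener that can be rebound right after a kill -9. */
int make_listener(unsigned short port)
{
    int on = 1;
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    /* Set before bind(): permits binding while old connections sit in TIME_WAIT. */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0 ||
        bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Copy a text file in bounded chunks. fgets() writes at most LINE_BUF bytes,
 * so a longer line arrives as several chunks. Returns bytes copied or -1. */
long send_file(FILE *in, FILE *out)
{
    char line[LINE_BUF];
    long total = 0;
    while (fgets(line, sizeof line, in) != NULL) {
        size_t n = strlen(line);
        if (fwrite(line, 1, n, out) != n) return -1;
        total += (long)n;
    }
    return total;
}

int main(void)
{
    int fd = make_listener(8080);  /* arbitrary example port */
    if (fd < 0) { perror("make_listener"); return 1; }
    close(fd);
    return 0;
}
```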
