lists.openwall.net - Open Source and information security mailing list archives
Date: Thu, 19 Jan 2012 20:56:24 -0300
From: root <root_@...ertel.com.ar>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [CVE-2012-0207] Linux IGMP Remote Denial Of Service

BTW your bug is a division by zero and it's here:

Linux/net/ipv4/igmp.c

178 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
179 {
180         int tv = net_random() % max_delay;   <--- max_delay==0
181
182         im->tm_running = 1;
183         if (!mod_timer(&im->timer, jiffies+tv+2))
184                 atomic_inc(&im->refcnt);
185 }
186

On 01/19/2012 08:49 PM, root wrote:
> Hi,
>
> You already have a good reputation as a bug-finder.
> IMHO, releasing additional research in a hurry like this can only
> tarnish that reputation and feed the trolls.
> Providing a kernel stack trace ( http://imgur.com/klC4k ) or a more
> reliable PoC can't take more than an hour, and it will greatly enhance
> the quality of the report.
>
> If you are worried several people have found a particular bug and
> publication is imminent, then maybe it was not such a great find to begin
> with :)
>
> On 01/19/2012 02:32 PM, HI-TECH . wrote:
>> Hi XD,
>>
>> On 19 January 2012 15:27, xD 0x41 <secn3t@...il.com> wrote:
>>> Oh and btw, that coding style just ain't you dude... you know,
>>> everyone has their own fingerprint, I find it really hard to think
>>> that you just made these mistakes in the cksum area, which was the area which
>>> actually does the exploiting :P, so why release crap? why not make
>>
>> I release it because it worked for me INSIDE TWO VMs, I had no clue about the
>> checksum error. I didn't cripple it. It worked in my tests because I
>> bet the VMware did adjust the checksums to be correct.
>> Why release that crap? Because I wanted to be the first to release an
>> exploit for it for fame and glory and it was coded in a hurry, I was thinking it
>> actually works (I am doing more tests now on real hardware so I can be sure)
>>
>>> it half decent, and as I said, it was not even your coding style so I'm
>>> finding this really hard to believe it was yours, maybe was modified
>>> from many many similars, but, I guess that's normal... you tend to
>>
>> It is modified code from other coders as stated in the header.
>>
>>> use perl, and bash a lot, within your bash, is the .c, and that is your
>>> style... like zx2c has, like dan rosenberg and JO, all keep the same
>>> style, because it is habit for any coder.. you don't just change styles
>>> this fast, or did you get some realllly good ebooks coz, show me where
>>> you found so I can catch up to it :P)
>>
>> I didn't change my coding style, it was just done in a hurry so Dan or
>> Jon wouldn't beat me on that BWHAHAHA.
>>
>>> Love you long time pal, but, find this one a bit shitty, and, I do like
>>> everything in past, your codes going back to you know when, but this
>>> is bs, and if you were gonna rls it, you shoulda fucked with the
>>> numbers maybe, but, let it fkn run, it was made as poc for lan test
>>> right, so why cripple it, that's just silly... that's why I attack it,
>>> and, I don't really care a shit who coded it, but, I doubt it was
>>> anyone in that code.
>>
>> You can attack it, it's your opinion and that's totally fine. I didn't
>> cripple the code actually.
>>
>>> have a good day and, no offence over this but, it just shits me when
>>> people, who know better, go out of their way and release publicly,
>>> shit which is fucked up and, in this case, would waste a person's time,
>>> and, you even put tested on, and, now, how would it be tested with
>>> that cksum, please explain that then, you're saying you don't have time
>>> but stop bullshit man, you crippled it, just fkn admit it, it could
>>> NOT work setup, without the damn cksum, as it was part of sendto! how
>>> could this, be any use, even with the settings back to old, without my
>>> edit.... you show me one fucking real test, I mean, compile the code,
>>> in front of people, then go make your fYT vids, seriously, I have told
>>> Jon Oberheldie this, and others, str8 up, if you release crippled
>>> shit, you're as shit as what you cripple mate.
>>
>> You forget about all the codes I rlsed before. As I said this was done
>> in a hurry. You had a look at roaring beast? How can you tell me I send
>> crippled codes out? Buddy I'm human too and do mistakes.
>>
>>> that's just my point of view and really, this is d0s, which, I don't care
>>> for..I'm saying, you don't see AB release some fucked up exploit every
>>
>> AB? who's that?
>>
>>> 2 months, and make SURE it don't work, you don't see anyone release shit
>>> like this anymore with such blatant errors, it's just shitty, luckily I
>>> nano'd it, yea, I like nano ok, or I would have wasted time
>>
>> wtf? come on.. nano.. this is getting silly
>>
>>> kcope...it's just that simple, and no offences at all, I was able to
>>> spot this, but, do not sit there, telling me and everyone else, that
>>> it was working, tested... coz, we both know that was NOT the same code
>>> released, you cannot deny the code.... simple.
>>> you screwed this one up. go back to exploiting :P it's better and you're
>>> better at it! :P
>>
>> As I said I tested it with two VMs in a testbed and both Ubuntu and
>> OpenSUSE crashed instantly.
>>
>>> I like your shit, but, I realllllly prefer, when kxcope, is thinking
>>> of b0f and new methods etc, like I know the one from 2009 did, and
>>> found the biggest remote hole ever, and you even released this, and
>>> people can hate you and whatever but there is no denying it, you're damn
>>> skilled, so I'm just saying, I don't like crippled work, nowadays, and
>>> when it is released with a mark of approval, from someone I trust.
>>
>> It's 2011 and I found a bug in FreeBSD ftpd. Which is better than ProFTPD coz
>> it rocks, have you ever seen a bug in FreeBSD ftpd since ~10 years?
>>
>>> this is private, and, stays here but, this is why I attacked you dude,
>>> and, nothing bad about it, it stays here, and, that's it... I won't say
>>> shit, I have said what I wanted, you're a nice guy, I like you, so,
>>> that's all, I just don't want to see you ending up like them other fags,
>>> they have 0 respect UG... you do at least have that... fuck fd lists
>>> respect... but still, you just had to leave out that line 'tested' ;)
>>
>> I like the public scene more than the dark one.
>>
>>> ok, sorry for any confusion etc but, that's all I think and, I want you
>>> to know exactly what I think, and know I am not being mean at all...
>>> and apologise for even putting that retort onto fd..I should have just
>> OMG how the ***** you have time to write me so long lines?
>>
>>> pmd you, but I lose sight of your nickname sometimes...anyhow... I
>>> hope you're not offended but, I did not try to offend you at all, I just
>>> found it really weird that you released that and, it was shitty
>>> lol... lan d0s :P I mean, we could have lan PARTY now, we could all
>>> get drunk and crunk but, not lan-d0s :P
>>
>> HEHE, I want to see the CCC Hackerspace got hit by that.
>>
>>> hehe, tcare man, I fucking find you one of my inspirations and why I
>>> get up everyday, is to greet the people, who have some respect in
>>> them, I will make sure also the post goes only for regged members or
>>> sumthin also, just to make it a bit harder I guess for ppl to look
>>> at...fkit.. I should not have even bothered saying shit but, I love
>>> packets :P
>>
>> I have respect for you too. But next time please don't rls my FreeBSD locals
>> on pastebin.
>>
>>> I just do, and, I added the other codes, so anyone could modify the
>>> other codes, or port it to windows... and, nothing more... it is only
>>> a frag adding app, and shows basic socket use... nothing more... so,
>>> it was basically, an addon, to your tool, it would be nice to do a test
>>> with fragging.. anyhow, I might do that myself...see how far this bug
>>> can be pushed... take care man, I hope you're cool, take it easy and
>>> speak to you soon
>>> drew
>>
>> Ok good, so your code works actually? Over the internet ............
>> This is an exercise for the interested reader.
>>
>> Regards,
>>
>> Kingcope
>>
>>>
>>> On 20 January 2012 00:28, HI-TECH .
>>> <isowarez.isowarez.isowarez@...glemail.com> wrote:
>>>> Hello xD,
>>>> sorry I don't understand a word you are talking about.
>>>> To put everything together about what you were ranting would take too
>>>> much time for me.
>>>> Did I offend you in any way?
>>>> It's just a PoC for people to test their systems nothing else...
>>>> I cannot check each and every system if it works, I just checked two boxes
>>>> and that's enough for me.
>>>>
>>>> Regards,
>>>>
>>>> Kc
>>>>
>>>> On 19 January 2012 04:56, xD 0x41 <secn3t@...il.com> wrote:
>>>>> Now, here's the one which works, without in_chksum bug ;)
>>>>>
>>>>> http://pastebin.com/x1ShKAUT
>>>>>
>>>>> now, sorry but, had to try it remotely, sheesh, and, you don't
>>>>> cripple, code of old bugs and, half of this code is from an old bug
>>>>> anyhow, so why the heck not leave it... I guess now you're starting to
>>>>> look like Jon Oberheldie the king of fucked up cripples... lol...
>>>>> enjoy folks. this version, may even work! omg isn't this amazing!!
>>>>> XD says to FD a BIG FUCKS YOU, well cept kcope and few other decent
>>>>> guys like me :P, and nme, and tropic and well, #Haxnet :)
>>>>> now go fucking shoot yourselves away with your newbie working
>>>>> undeadattack.. don't know why someone did not inform me they would
>>>>> cripple it, and maybe forward a copy to me but, now this file, goes
>>>>> where the rest go, to the shame files...
>>>>>
>>>>> On 18 January 2012 08:11, HI-TECH .
>>>>> <isowarez.isowarez.isowarez@...glemail.com> wrote:
>>>>>> Demonstration of the Exploit:
>>>>>> http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack)
>>>>>>
>>>>>> see attached content
>>>>>>
>>>>>> /Kingcope
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
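Editor's added example (not code from the thread, from the kernel, or from any of the posters): a stand-alone C model of the timer start that root points at above. The thread only shows the modulus `net_random() % max_delay` and states that max_delay can be 0; it does not show how the kernel derives max_delay from a query, so that part is modelled here from RFC 3376 section 4.1.1 (the IGMPv3 Max Resp Code encoding, in units of 1/10 s) under an assumed tick rate of EXAMPLE_HZ=100. The block decodes Max Resp Code bytes, shows which ones make the modulus zero, and puts the unguarded modulus next to a clamped version that can never divide by zero.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not kernel code. EXAMPLE_HZ is an assumed kernel tick
 * rate; TIMER_UNIT_PER_SEC is the 1/10 s unit IGMP uses for response
 * times (RFC 3376 section 4.1.1).
 */
#define EXAMPLE_HZ 100
#define TIMER_UNIT_PER_SEC 10

/* Decode an IGMPv3 Max Resp Code into tenths of a second (RFC 3376 4.1.1):
 * below 128 the byte is the value itself; from 128 up it is a
 * 1|exp(3)|mant(4) float and the value is (mant | 0x10) << (exp + 3). */
unsigned int mrc_to_tenths(uint8_t code)
{
    unsigned int mant, exp;

    if (code < 128)
        return code;
    mant = code & 0x0f;
    exp = (code >> 4) & 0x07;
    return (mant | 0x10) << (exp + 3);
}

/* Scale tenths of a second to ticks with an integer HZ/10 multiplier;
 * any code that decodes to 0 tenths stays 0 ticks. */
unsigned int mrc_to_ticks(uint8_t code)
{
    return mrc_to_tenths(code) * (EXAMPLE_HZ / TIMER_UNIT_PER_SEC);
}

/* Same shape as the snippet quoted above: the random value is reduced
 * modulo max_delay. With max_delay == 0 this is an integer divide by
 * zero, undefined behaviour in C and a #DE fault on x86. Never pass 0. */
unsigned int timer_offset_unguarded(uint32_t rnd, unsigned int max_delay)
{
    return rnd % max_delay;
}

/* Hardened shape: clamp the window to at least one tick, so a zero
 * response time means "fire on the next tick" instead of faulting. */
unsigned int timer_offset_guarded(uint32_t rnd, unsigned int max_delay)
{
    if (max_delay == 0)
        max_delay = 1;
    return rnd % max_delay;
}

/* 1 if a query carrying this Max Resp Code would reach the modulus with 0. */
int code_yields_zero_window(uint8_t code)
{
    return mrc_to_ticks(code) == 0;
}

int main(void)
{
    /* constructed sample codes and a fixed stand-in for the random source */
    const uint8_t codes[] = { 0x00, 0x01, 0x64, 0x80, 0xff };
    const uint32_t rnd = 0x1234abcd;
    size_t i;

    for (i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        uint8_t c = codes[i];
        printf("code 0x%02x -> %u tenths, %u ticks, zero window: %s, guarded offset: %u\n",
               c, mrc_to_tenths(c), mrc_to_ticks(c),
               code_yields_zero_window(c) ? "yes" : "no",
               timer_offset_guarded(rnd, mrc_to_ticks(c)));
    }
    return 0;
}
```

The point to take from it is that any path which computes the timer window from attacker-controlled packet fields must clamp that window before it is used as a divisor; checking the decoded value once, at the place it is computed, is cheaper than auditing every later use.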