|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] [argv] PHC Threatcon Monitor & Hacklog Vulnerable
From: hellNbak (hellnbak
nmrc.org)
Date: Fri Mar 07 2003 - 18:19:06 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
heh
On Fri, 7 Mar 2003, Day Jay wrote:
> Date: Fri, 7 Mar 2003 13:43:02 -0800 (PST)
> From: Day Jay <d4yj4yyahoo.com>
> To: ARGV <argvhushmail.com>
> Cc: full-disclosurelists.netsys.com
> Subject: Re: [Full-Disclosure] [argv] PHC Threatcon Monitor & Hacklog
> Vulnerable
>
> LMFAO!
>
> LOLZ!
>
>
>
> --- ARGV <argvhushmail.com> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> > 1. Topic:
> > Threatcon monitor
> > Hacklog
> >
> > OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL
> >
> > 2. Relevant versions:
> > Vulnerable: 1.0
> >
> > Not Vulnerable: NONE!
> >
> > 3. Problem description:
> > OMG WTF LOL!
> >
> > http://phrack.efnet.ru/threatbar.c
> >
> > if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0)
> >
> > OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!!
> >
> > TMP RACE 101:
> > MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING
> > FILENAME
> > WAIT FOR 31337 H4X0R TO RUN THREATBAR
> > ...
> > PROFIT!
> >
> > http://phrack.efnet.ru/hacklog.c
> >
> > OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!!
> >
> > if (argc != 3)
> > {
> > fprintf (stderr, "Usage: %s <typescript>
> > <timing-file>\n",
> > argv[0]);
> >
> > WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF
> > LOL!!!
> >
> > 4. Workaround:
> > BOW DOWN TO ME, THE GREAT TSAO
> > ME SO SMART OMG WTF LOL!!!
> >
> > 5. References:
> > THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!!
> >
> > 6. Contact:
> > argvhushmail.com
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify
> >
> >
> wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB
> >
> 0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g==
> > =83gT
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Follow this link to
> > get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate
> > Program:
> >
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I don't intend to offend, I offend with my intent"
hellNbaknmrc.org
http://www.nmrc.org/~hellnbak
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]