Full Disclosure mailing list archives
IMPORTANT SECURITY ADVISORY PLEASE READ!
From: ashlieangel86 () hotmail com (segfault)
Date: Wed, 11 Sep 2002 15:04:55 -0400
This is a multi-part message in MIME format. ------=_NextPart_000_000B_01C259A4.96CEF790 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable V4GU3-Disclosure http://www.imprettysure.com !Security Advisory! Advisory Name: This could be bad. Application: A widely used daemon. =20 Platform: A widely used platform. =20 Date: 9.11.02 Severity: We speculate attacker could potentially do very bad things to you're machine if you do not immediately download the security patch from a website we're not sure exists. Overview: This service listens on a port and waits for a connection from a client, then the service retrieves authentication information from the client. Once authenticated, the client can use the service. Description: Exploitation of a bug in this service could give an = attacker ROOT level access to an unpatched machine. We're pretty sure the bug is a buffer overflow somewhere, but we know for certain it is exploitable, and is very dangerous. Exploit: /* exploit.c by V4GU3-Disclosure staff. This program must be run for the exploit to work. =20 Suggested arguments are: +vxz 49 Make sure you are ROOT when you run this! */ #include <stdio.h> #include <somethingimportant.h> #include <ifyoudontincludethisitwontwork.h> #include <rootkit.h> int main() { printf("FUCKING OWNED!") return(0); } ------=_NextPart_000_000B_01C259A4.96CEF790 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2719.2200" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff><FONT face=3DArial size=3D2> <DIV><BR> V4GU3-Disclosure<BR> <A=20 href=3D"http://www.imprettysure.com">http://www.imprettysure.com</A></DIV=
<DIV> </DIV> <DIV> !Security Advisory!</DIV> <DIV> </DIV> <DIV> Advisory Name: This could be bad.</DIV> <DIV> </DIV> <DIV> Application: A widely used=20 daemon.<BR> <BR> Platform: A widely used=20 platform.<BR> <BR> Date: 9.11.02</DIV> <DIV> </DIV> <DIV> Severity: We speculate attacker could potentially do = very bad=20 things<BR> to you're machine if you do not immediately = download=20 the<BR> security patch from a website we're not sure=20 exists.</DIV> <DIV> </DIV> <DIV> Overview: This service listens on a port and waits for a = connection<BR> from a client, then the service = retrieves=20 authentication<BR> information from the client. = Once=20 authenticated, the client<BR> can use the = service.</DIV> <DIV> </DIV> <DIV> Description: Exploitation of a bug in this service could = give an=20 attacker<BR> ROOT level access to an unpatched = machine. =20 We're pretty sure<BR> the bug is a buffer overflow = somewhere,=20 but we know for<BR> certain it is exploitable, and is = very=20 dangerous.</DIV> <DIV> </DIV> <DIV> Exploit: /* exploit.c by V4GU3-Disclosure staff.</DIV> <DIV> </DIV> <DIV> This program must be run for the = exploit to=20 work.<BR> <BR> Suggested=20 arguments are: +vxz 49</DIV> <DIV> </DIV> <DIV> Make sure you are ROOT when you run=20 this!</DIV> <DIV> </DIV> <DIV> */</DIV> <DIV> </DIV> <DIV> #include = <stdio.h><BR> #include=20 <somethingimportant.h><BR> #include=20 <ifyoudontincludethisitwontwork.h><BR> #include=20 <rootkit.h></DIV> <DIV> </DIV> <DIV> int=20 main()<BR> {<BR> printf("FUCKING = OWNED!")<BR> return(0);<BR> }</FO= NT></DIV></BODY></HTML> ------=_NextPart_000_000B_01C259A4.96CEF790--
Current thread:
- IMPORTANT SECURITY ADVISORY PLEASE READ! segfault (Sep 11)
- <Possible follow-ups>
- IMPORTANT SECURITY ADVISORY PLEASE READ! Percival, Ray (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! Matthew McGehrin (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! Niels Bakker (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
- Re: IMPORTANT SECURITY ADVISORY PLEASE READ! Steven M. Christey (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! s n u r f l e (Sep 11)