Re: Shoe 1.0 - Remote Lace Overflow

[Chris Anley <chris () ngssoftware com>]

The new class of remote bug centers around the delivery of a set of 
instructions for making shoes, which are then followed by the target. 
This is, of course, cobblers. (sorry)

In tests, users of pumps, sandals, moccasins, flip-flops, slippers and 
diving flippers were unaffected, though apparently throwing a dutch clog 
at someone's head counts as a 'remote' also, as long as it's not your 
own head. Unless you throw it up in the air and accidentally hit 
yourself, when it is, unless it was your own clog, when it isn't.

It seems if you hit yourself in the head often enough and hard enough, 
everything is remote.

     -chris.

announce () 0x90 org wrote:
>  Shoe 1.0 - Remote Lace Overflow
>  --------------------------------------------
>
>  This Vulnerability is in reference to the new class of remote vulnerabilities 
>  indicated in: 
>  http://www.securityfocus.com/archive/1/385078/2004-12-19/2004-12-25/2
>  [Please read that first] 
>
>  Discovery Credited To:
>  ----------------------
>         freshman - 0x90.org
>         wxs      - 0x90.org
>         txs      - 0x90.org
>
>  Greets:
>  -------
>  Jonathan T. Rockway for being the smartest man alive.
>
>  Description:
>  ------------
>  A remote shoe vulnerability exists that could allow for remote tripping and 
>  possible exposure of sensitive data to the pavement.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave