IMPORTANT SECURITY ADVISORY PLEASE READ!

[Ray.Percival () summit fiserv com (Percival, Ray)]

There is also the one where a guy with a stick sneaks up behind you and hits you on the head then does bad things to 
your system. Watch out for this one. :)

Ray

-----Original Message-----
From: segfault 
Sent: Wednesday, September 11, 2002 12:48 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] IMPORTANT SECURITY ADVISORY PLEASE READ!



 V4GU3-Disclosure
 http://www.imprettysure.com

 !Security Advisory!

 Advisory Name: This could be bad.

 Application: A widely used daemon.
 
 Platform: A widely used platform.
 
 Date:  9.11.02

 Severity: We speculate attacker could potentially do very bad things
   to you're machine if you do not immediately download the
   security patch from a website we're not sure exists.

 Overview: This service listens on a port and waits for a connection
   from a client, then the service retrieves authentication
   information from the client.  Once authenticated, the client
   can use the service.

 Description: Exploitation of a bug in this service could give an attacker
   ROOT level access to an unpatched machine.  We're pretty sure
   the bug is a buffer overflow somewhere, but we know for
   certain it is exploitable, and is very dangerous.

 Exploit: /* exploit.c by V4GU3-Disclosure staff.

      This program must be run for the exploit to work.
   
      Suggested arguments are:  +vxz 49

      Make sure you are ROOT when you run this!

   */

   #include <stdio.h>
   #include <somethingimportant.h>
   #include <ifyoudontincludethisitwontwork.h>
   #include <rootkit.h>

   int main()
   {
    printf("FUCKING OWNED!")
    return(0);
   }