Full Disclosure mailing list archives

IMPORTANT SECURITY ADVISORY PLEASE READ!

From: mcgehrin () reverse net (Matthew McGehrin)
Date: Wed, 11 Sep 2002 16:22:29 -0400

Perhaps its time for a second list.

Full-disclosure-humor :)

----- Original Message -----
From: "Percival, Ray" <Ray.Percival () summit fiserv com>
To: <ashlieangel86 () hotmail com>; <full-disclosure () lists netsys com>
Sent: Wednesday, September 11, 2002 3:51 PM
Subject: RE: [Full-disclosure] IMPORTANT SECURITY ADVISORY PLEASE READ!

There is also the one where a guy with a stick sneaks up behind you and

hits you on the head then does bad things to your system. Watch out for this
one. :)

Ray

-----Original Message-----
From: segfault
Sent: Wednesday, September 11, 2002 12:48 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] IMPORTANT SECURITY ADVISORY PLEASE READ!

 V4GU3-Disclosure
 http://www.imprettysure.com

 !Security Advisory!

 Advisory Name: This could be bad.

 Application: A widely used daemon.

 Platform: A widely used platform.

 Date:  9.11.02

 Severity: We speculate attacker could potentially do very bad things
   to you're machine if you do not immediately download the
   security patch from a website we're not sure exists.

 Overview: This service listens on a port and waits for a connection
   from a client, then the service retrieves authentication
   information from the client.  Once authenticated, the client
   can use the service.

 Description: Exploitation of a bug in this service could give an attacker
   ROOT level access to an unpatched machine.  We're pretty sure
   the bug is a buffer overflow somewhere, but we know for
   certain it is exploitable, and is very dangerous.

 Exploit: /* exploit.c by V4GU3-Disclosure staff.

      This program must be run for the exploit to work.

      Suggested arguments are:  +vxz 49

      Make sure you are ROOT when you run this!

   */

   #include <stdio.h>
   #include <somethingimportant.h>
   #include <ifyoudontincludethisitwontwork.h>
   #include <rootkit.h>

   int main()
   {
    printf("FUCKING OWNED!")
    return(0);
   }

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IMPORTANT SECURITY ADVISORY PLEASE READ! segfault (Sep 11)
- <Possible follow-ups>
- IMPORTANT SECURITY ADVISORY PLEASE READ! Percival, Ray (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Matthew McGehrin (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Niels Bakker (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
- Re: IMPORTANT SECURITY ADVISORY PLEASE READ! Steven M. Christey (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! s n u r f l e (Sep 11)