Full Disclosure mailing list archives
[argv] PHC Threatcon Monitor & Hacklog Vulnerable
From: "ARGV" <argv () hushmail com>
Date: Fri, 7 Mar 2003 08:13:06 -0800
-----BEGIN PGP SIGNED MESSAGE----- 1. Topic: Threatcon monitor Hacklog OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL 2. Relevant versions: Vulnerable: 1.0 Not Vulnerable: NONE! 3. Problem description: OMG WTF LOL! http://phrack.efnet.ru/threatbar.c if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0) OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!! TMP RACE 101: MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING FILENAME WAIT FOR 31337 H4X0R TO RUN THREATBAR ... PROFIT! http://phrack.efnet.ru/hacklog.c OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!! if (argc != 3) { fprintf (stderr, "Usage: %s <typescript> <timing-file>\n", argv[0]); WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF LOL!!! 4. Workaround: BOW DOWN TO ME, THE GREAT TSAO ME SO SMART OMG WTF LOL!!! 5. References: THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!! 6. Contact: argv () hushmail com -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB 0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g== =83gT -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [argv] PHC Threatcon Monitor & Hacklog Vulnerable ARGV (Mar 07)
- Re: [argv] PHC Threatcon Monitor & Hacklog Vulnerable Day Jay (Mar 07)
- Re: [argv] PHC Threatcon Monitor & Hacklog Vulnerable hellNbak (Mar 07)
- Re: [argv] PHC Threatcon Monitor & Hacklog Vulnerable Day Jay (Mar 07)