Full Disclosure mailing list archives

Re: Shareaza Remote Vulnerability

From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Thu, 26 Jan 2006 23:36:03 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
where is your proof then that the remote execution is possible, the
shareaza maker wont probably care until you add a proof on what do you
claim as exploitable..
You just made like 20% of a correct job ...


Ryan Smith wrote:

There is a vulnerability in the current version of Shareaza, a P2P
file sharing product.  It results in remote code execution.  Please
 see the advisory for more details.  There is no patch.

Credit: These vulnerabilities were discovered and researched by
Ryan Smith.

Contact: WhatsTheAddress () gmail com
<mailto:WhatsTheAddress () gmail com>

Details: http://www.hustlelabs.com/
<http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf>



----------------------------------------------------------------------


_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9lO0q+LRXunxpxfAQJmXRAAkpwY9Xgwt9NwEv6JeG/gTqkSSoHwAvQo
e/97GNP+Vz1q8Gv0IxWk4HfmxUmY+oeI76pTwka/yb3p2hbpvVV5i0Ab5pYLt5OL
M3z8S8P4EGbHTn1JNsRxmO65ZRS0W/2QkYY3tLfcPXUeBekgtFhfpuSe3kPgsvEW
zGTNrHBngUZpp/AxsodWWNBRPKt8TAfk24mlLC9r/0WTn1jWv8IjBKEmsCi9trzD
XaIIZMKF9hdmjQYpXYvakwBjm0pHV3bl0IK0oh+iURC2CCWFF7LJTgulGX+QA0PX
truBCvCdKvlGsZePaugywYl/jR5GT5SS0HNa8ZxjgIoMzZn13UcMKdksFMI6aqqI
uAwQzI9dh2Hyy35l4VtPvbnqHc2gBkcLQKOh2BCB5KJ/Q45HhoF8YZYTp55W2kBN
iGQ8jnCPP59006MRt3JqZjWD3iQd5kYwALkHKi96KszbXratq/Q+8Lbp/7N1YVvT
jqN6B+w0zgMtDyE9ZcT0/vpOD49ILKtN8Et5pjOtqGU0BHvTAVLyDSacwmYHyuXX
0dRQl4BT6gITNpmCEvzd86jsTvAe3OwclcsOlZPnWNw4nywE/jEWNlW6/21E9t0y
JfXcrfADTvErX7tmteZMIAdi2BSuC8+kfMwVEqzRGNo/wGgVKH0qD4cFQXdvuRls
kAI1sXRWbQ0=
=4/ii
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Shareaza Remote Vulnerability Ryan Smith (Jan 26)
- Re: Shareaza Remote Vulnerability ad () heapoverflow com (Jan 26)
  - Re: Shareaza Remote Vulnerability Ryan Smith (Jan 27)
    - Re: Shareaza Remote Vulnerability ad () heapoverflow com (Jan 27)
- <Possible follow-ups>
- RE: Shareaza Remote Vulnerability Todd Towles (Jan 26)
- RE: Shareaza Remote Vulnerability Todd Towles (Jan 26)