Full Disclosure mailing list archives
Re: Shareaza Remote Vulnerability
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Fri, 27 Jan 2006 12:08:02 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I mean if the shareaza doesnt want to patch as it looks like here , provide him a poc with a remote execution and he will be forced to patch it, but right now he can probably ignore your warnings :) Ryan Smith wrote:
Thanks Todd, the correct link is http://www.hustlelabs.com/shareaza_advisory.pdf :> Ad, I believe what you mean is that I completed 20% of a job, and the job was correct. I am sorry you feel my work was incomplete; do you still feel like you recieved a deliverable that matches the dollar amount you spent on the research? On 1/26/06, *ad () heapoverflow com <mailto:ad () heapoverflow com>* <ad () heapoverflow com <mailto:ad () heapoverflow com>> wrote: where is your proof then that the remote execution is possible, the shareaza maker wont probably care until you add a proof on what do you claim as exploitable.. You just made like 20% of a correct job ... Ryan Smith wrote:There is a vulnerability in the current version of Shareaza, a P2P file sharing product. It results in remote code execution. Please see the advisory for more details. There is no patch.Credit: These vulnerabilities were discovered and researched by Ryan Smith.Contact: WhatsTheAddress () gmail com <mailto:WhatsTheAddress () gmail com> <mailto:WhatsTheAddress () gmail com <mailto:WhatsTheAddress () gmail com>>Details: http://www.hustlelabs.com/<http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf----------------------------------------------------------------------_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ9n/Ea+LRXunxpxfAQLq9BAAou8BzrrVGrw7C6Xq//2MgGRF4J4Aqx0l sntgujSaCMHnf/J8c7XSqvsOxYY0SiiB06yFzFXoBKpdnEHVP5M/4LEiAGwzK21V y4QK6Z6GVucP/Rz+O0zetub/Sjel4z7vPEZMnqySYA1EihH4MmCFIIC9EyOyyQdf Jc/7m3GJZO3vR4wOHANrxUFVBXf1mQpzN6Xc4XLhKA0iGAYo/MKQE8+PDCg7uQFd gDLFhLqbz24rEjYwP6Ww58yhKqc26CnBIeZgghwHBhh7cWcsgzPLqA5RoKSMACfy o+coqfXv1paZZCPhH17SdgXgfa263bDQmBxFLd6LxEi1kH4ABWEy8gesevZ3Sb5X Rkzx3h9v8Swa0Mv9/V+L51fELoDcbz22L7Ut+o8fwSukIoYDrz9LIMrjy1IK3aH4 Eraq0/SzMI1oQRAGI51AvKzMgToORQH+p1R1OIlFpyoIzCmKsEBFVY/1q59AGbz/ fkxsFhHD2XkS/nNP9bPevMboS45EZg2FJ8M+BT9OK8FjbP55aBhsynJ+E39fEg4g eoA288fGCdxONRf+sZ/+9vxnSYlhtBn6u4YXKVVsO3VPsrZcSTck/57P5ZbytX6c aq11B5N4aS1O1pQ5vSn/vTi6Pyr3jjIcqR+XTu6HHTslzD7V/i9lbpjwaWk3Krpz C1bLMBfybBU= =PL4B -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Shareaza Remote Vulnerability Ryan Smith (Jan 26)
- Re: Shareaza Remote Vulnerability ad () heapoverflow com (Jan 26)
- Re: Shareaza Remote Vulnerability Ryan Smith (Jan 27)
- Re: Shareaza Remote Vulnerability ad () heapoverflow com (Jan 27)
- Re: Shareaza Remote Vulnerability Ryan Smith (Jan 27)
- <Possible follow-ups>
- RE: Shareaza Remote Vulnerability Todd Towles (Jan 26)
- RE: Shareaza Remote Vulnerability Todd Towles (Jan 26)
- Re: Shareaza Remote Vulnerability ad () heapoverflow com (Jan 26)