mailing list archives
big security bug
From: <dnvdnv () hushmail com>
Date: Sat, 4 Feb 2006 05:52:40 +0100
I, Leet HaCkEr DNV has found new bug in very MutsJ used software
for poplar operation
system freebsd mashine. If U use CAT command you can as any user
see any file from all user. This is a big infomration leek as it
can show secret info from other users!! i tryed with normal user
(DNV) and i get secret info from file owned by other user (ROOT)!!!
i have an eksample:
<insert passwd here>
Also it is a big hacker error because as normal user (DNV) you can
put big info in other people( ROOT) files with this command !! cat
MY FILE > ROOT FILE! ThiS undermineS UNICS seCURITY! THIS IS ONE OF
THE BIGGEST BUG IN WORLD NOW!! I CAL A WRANING TO UNICS SYSTEM
ADMINISTRATORS ALL OVEFR!! ALL OS HAVE THIS BUG ALSO LINUX MADRIVA
MANDRAGE GENTO GOOGLE HURD MINIX AMOEBA
I HAEV WRITTEN SHELLCODE FOR THIS EXPLOIT!!
file to delete=/bin/sh
path cat =/bin/cat
mov %eac, file to delete
mov %eip, ip adresse of victim
mov %stack, "/bin/sh"
push byte [r0+r1+00001112]
WHAT WE MUST ASC OURSELFS IS WHY IS THIS HACKERTOOL INCLUEDED IN
ALL UNICES!! SUCK A DANGERUS TOOL CAN NOT BE ALOWED TO ESIST! I
HAVE CONTACTED SCO BUT THEY DO NOT CARE AND I DONT UNDERSTAND DOT
THEY OWN UNICS?
THIS IS POC ( PROFING ORIGINAL CONNECTIONEXPLOIT ) PLZ NOT SHARE.
THIS WILL CLOSE INTERNET.
gREEtINGS to My BUDDIES dr303, muslim hackers for respect of
religion, all men love all like muslim brothers
Concerned about your privacy? Instantly send FREE secure email, no account required
Get the best prices on SSL certificates from Hushmail
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- big security bug dnvdnv (Feb 04)