Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Shareaza Remote Vulnerability
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Fri, 27 Jan 2006 12:08:02 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I mean if the shareaza doesnt want to patch as it looks like here ,
provide him a poc with a remote execution and he will be forced to
patch it, but right now he can probably ignore your warnings :)

Ryan Smith wrote:
Thanks Todd, the correct link is
http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad, I believe what you mean is that I completed 20% of a job, and
the job was correct.  I am sorry you feel my work was incomplete;
do you still feel like you recieved a deliverable that matches the
dollar amount you spent on the research?

On 1/26/06, *ad () heapoverflow com <mailto:ad () heapoverflow com>*
<ad () heapoverflow com <mailto:ad () heapoverflow com>> wrote:

where is your proof then that the remote execution is possible, the
 shareaza maker wont probably care until you add a proof on what do
you claim as exploitable.. You just made like 20% of a correct job
...


Ryan Smith wrote:
There is a vulnerability in the current version of Shareaza, a
P2P file sharing product.  It results in remote code execution.
Please see the advisory for more details.  There is no patch.

Credit: These vulnerabilities were discovered and researched by
Ryan Smith.

Contact: WhatsTheAddress () gmail com
<mailto:WhatsTheAddress () gmail com>
<mailto:WhatsTheAddress () gmail com
<mailto:WhatsTheAddress () gmail com>>

Details: http://www.hustlelabs.com/

<http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf





----------------------------------------------------------------------



_______________________________________________ Full-Disclosure -
 We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9n/Ea+LRXunxpxfAQLq9BAAou8BzrrVGrw7C6Xq//2MgGRF4J4Aqx0l
sntgujSaCMHnf/J8c7XSqvsOxYY0SiiB06yFzFXoBKpdnEHVP5M/4LEiAGwzK21V
y4QK6Z6GVucP/Rz+O0zetub/Sjel4z7vPEZMnqySYA1EihH4MmCFIIC9EyOyyQdf
Jc/7m3GJZO3vR4wOHANrxUFVBXf1mQpzN6Xc4XLhKA0iGAYo/MKQE8+PDCg7uQFd
gDLFhLqbz24rEjYwP6Ww58yhKqc26CnBIeZgghwHBhh7cWcsgzPLqA5RoKSMACfy
o+coqfXv1paZZCPhH17SdgXgfa263bDQmBxFLd6LxEi1kH4ABWEy8gesevZ3Sb5X
Rkzx3h9v8Swa0Mv9/V+L51fELoDcbz22L7Ut+o8fwSukIoYDrz9LIMrjy1IK3aH4
Eraq0/SzMI1oQRAGI51AvKzMgToORQH+p1R1OIlFpyoIzCmKsEBFVY/1q59AGbz/
fkxsFhHD2XkS/nNP9bPevMboS45EZg2FJ8M+BT9OK8FjbP55aBhsynJ+E39fEg4g
eoA288fGCdxONRf+sZ/+9vxnSYlhtBn6u4YXKVVsO3VPsrZcSTck/57P5ZbytX6c
aq11B5N4aS1O1pQ5vSn/vTi6Pyr3jjIcqR+XTu6HHTslzD7V/i9lbpjwaWk3Krpz
C1bLMBfybBU=
=PL4B
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]