Full Disclosure mailing list archives

IMPORTANT SECURITY ADVISORY PLEASE READ!

From: gobbles () hush com (gobbles () hush com)
Date: Wed, 11 Sep 2002 13:03:34 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

also do bad things to anus

There is also the one where a guy with a stick sneaks up behind
you and hits you on the head then does bad things to your system. Watch out for this one. :)

Ray

-----Original Message-----
From: segfault
Sent: Wednesday, September 11, 2002 12:48 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] IMPORTANT SECURITY ADVISORY PLEASE R
EAD!

V4GU3-Disclosure
http://www.imprettysure.com

!Security Advisory!

Advisory Name: This could be bad.

Application: A widely used daemon.

Platform: A widely used platform.

Date:  9.11.02

Severity: We speculate attacker could potentially do very bad
things
  to you're machine if you do not immediately download the
  security patch from a website we're not sure exists.

Overview: This service listens on a port and waits for a conne
ction
  from a client, then the service retrieves authentication
  information from the client.  Once authenticated, the client

  can use the service.

Description: Exploitation of a bug in this service could give
an attacker
  ROOT level access to an unpatched machine.  We're pretty sur
e
  the bug is a buffer overflow somewhere, but we know for
  certain it is exploitable, and is very dangerous.

Exploit: /* exploit.c by V4GU3-Disclosure staff.

     This program must be run for the exploit to work.

     Suggested arguments are:  +vxz 49

     Make sure you are ROOT when you run this!

  */

  #include <stdio.h>
  #include <somethingimportant.h>
  #include <ifyoudontincludethisitwontwork.h>
  #include <rootkit.h>

  int main()
  {
   printf("FUCKING OWNED!")
   return(0);
  }

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1/r6ARHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56tGTwCfdjpG
HzgtTlTU5VW8L8JiLADBXOQAoJpWXFmK82PW36kpOpk5m+i6bIoB
=jdhx
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com

Current thread:

IMPORTANT SECURITY ADVISORY PLEASE READ! segfault (Sep 11)
- <Possible follow-ups>
- IMPORTANT SECURITY ADVISORY PLEASE READ! Percival, Ray (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Matthew McGehrin (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Niels Bakker (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
- Re: IMPORTANT SECURITY ADVISORY PLEASE READ! Steven M. Christey (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! s n u r f l e (Sep 11)