Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [argv] PHC Threatcon Monitor & Hacklog Vulnerable

From: Day Jay <d4yj4y () yahoo com>
Date: Fri, 7 Mar 2003 13:43:02 -0800 (PST)
LMFAO!

LOLZ!



--- ARGV <argv () hushmail com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----


1. Topic:
      Threatcon monitor
      Hacklog

      OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL

2. Relevant versions:
        Vulnerable: 1.0

        Not Vulnerable:  NONE!

3. Problem description:
      OMG WTF LOL!

      http://phrack.efnet.ru/threatbar.c

      if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0)

      OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!!

      TMP RACE 101:
              MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING
FILENAME
              WAIT FOR 31337 H4X0R TO RUN THREATBAR
              ...
              PROFIT!

      http://phrack.efnet.ru/hacklog.c

      OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!!

      if (argc != 3)
        {
      fprintf (stderr, "Usage: %s <typescript>
<timing-file>\n",
                 argv[0]);

      WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF
LOL!!!

4. Workaround:
      BOW DOWN TO ME, THE GREAT TSAO
      ME SO SMART OMG WTF LOL!!!

5. References:
      THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!!

6. Contact:
        argv () hushmail com


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at
https://www.hushtools.com/verify



wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB



0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g==

=83gT
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to
get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate
Program: 


https://www.hushmail.com/about.php?subloc=affiliate&l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.netsys.com/full-disclosure-charter.html


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: