Full Disclosure mailing list archives
C99 Security Alert-Old-New-Who-Cares :) - (:
From: "democow ...." <democow8086 () hotmail com>
Date: Fri, 30 May 2003 04:05:32 +0000
SECURITY VUNERABILITY ALERT: hello,as a new white-hat hacker i would like to help the information security industry by posting a new vulnerability in the the linux operating system(this vulnerability may be present in many other operation systems depending on their implementation of the c)
i am posting this vulnerability to help the security community support itself in these troubled times, i know how hard it is for you to improve you image in their media these days.. so i would like you to scam a few more companies with some penetration tests.. and your consulting services
AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not consider writing a report something that anyone who has a education beyond that of the 3rd grade something that has to be learned by the corporate scam-artist )
-------|LOCATED IN /lib/string.c|-----
char * strcpy(char * dest,const char *src)
{
char *tmp = dest;
[1] while ((*dest++ = *src++) != '\0')
/* nothing */;
return tmp;
}
as you can see at line [1] there is no length/intgreaty checking as src is
being inserted into dest
SOLUTION:there is no solution to this problem if there were, one would be common by now.. as we all know now there are no true standards worth following
just a reminder, democow the teat-less wonder _________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- C99 Security Alert-Old-New-Who-Cares :) - (: democow .... (May 29)
- Re: C99 Security Alert-Old-New-Who-Cares :) - (: Valdis . Kletnieks (May 30)
- <Possible follow-ups>
- RE: C99 Security Alert-Old-New-Who-Cares :) - (: Schmehl, Paul L (May 30)
