Full Disclosure mailing list archives

C99 Security Alert-Old-New-Who-Cares :) - (:


From: "democow ...." <democow8086 () hotmail com>
Date: Fri, 30 May 2003 04:05:32 +0000

SECURITY VUNERABILITY ALERT:

hello,
as a new white-hat hacker i would like to help the information security industry by posting a new vulnerability in the the linux operating system(this vulnerability may be present in many other operation systems depending on their implementation of the c)

i am posting this vulnerability to help the security community support itself in these troubled times, i know how hard it is for you to improve you image in their media these days.. so i would like you to scam a few more companies with some penetration tests.. and your “consulting” services

AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not consider writing a report something that anyone who has a education beyond that of the 3rd grade something that has to be learned by the corporate scam-artist )

-------|LOCATED IN /lib/string.c|-----

char * strcpy(char * dest,const char *src)
{
       char *tmp = dest;

     [1]  while ((*dest++ = *src++) != '\0')
               /* nothing */;
       return tmp;
}

as you can see at line [1] there is no length/intgreaty checking as src is being inserted into dest

SOLUTION:
there is no solution to this problem if there were, one would be common by now.. as we all know now there are no true standards worth following

just a reminder,
democow “the teat-less wonder”

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: