There is also the one where a guy with a stick sneaks up behind you and hits you on the head then does bad things to your system. Watch out for this one. :)
Ray -----Original Message----- From: segfault Sent: Wednesday, September 11, 2002 12:48 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] IMPORTANT SECURITY ADVISORY PLEASE READ! V4GU3-Disclosure http://www.imprettysure.com !Security Advisory! Advisory Name: This could be bad. Application: A widely used daemon. Platform: A widely used platform. Date: 9.11.02 Severity: We speculate attacker could potentially do very bad things to you're machine if you do not immediately download the security patch from a website we're not sure exists. Overview: This service listens on a port and waits for a connection from a client, then the service retrieves authentication information from the client. Once authenticated, the client can use the service. Description: Exploitation of a bug in this service could give an attacker ROOT level access to an unpatched machine. We're pretty sure the bug is a buffer overflow somewhere, but we know for certain it is exploitable, and is very dangerous. Exploit: /* exploit.c by V4GU3-Disclosure staff. This program must be run for the exploit to work. Suggested arguments are: +vxz 49 Make sure you are ROOT when you run this! */ #include <stdio.h> #include <somethingimportant.h> #include <ifyoudontincludethisitwontwork.h> #include <rootkit.h> int main() { printf("FUCKING OWNED!") return(0); } _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
