heh On Fri, 7 Mar 2003, Day Jay wrote:
> Date: Fri, 7 Mar 2003 13:43:02 -0800 (PST) > From: Day Jay <[EMAIL PROTECTED]> > To: ARGV <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] [argv] PHC Threatcon Monitor & Hacklog > Vulnerable > > LMFAO! > > LOLZ! > > > > --- ARGV <[EMAIL PROTECTED]> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > 1. Topic: > > Threatcon monitor > > Hacklog > > > > OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL > > > > 2. Relevant versions: > > Vulnerable: 1.0 > > > > Not Vulnerable: NONE! > > > > 3. Problem description: > > OMG WTF LOL! > > > > http://phrack.efnet.ru/threatbar.c > > > > if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0) > > > > OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!! > > > > TMP RACE 101: > > MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING > > FILENAME > > WAIT FOR 31337 H4X0R TO RUN THREATBAR > > ... > > PROFIT! > > > > http://phrack.efnet.ru/hacklog.c > > > > OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!! > > > > if (argc != 3) > > { > > fprintf (stderr, "Usage: %s <typescript> > > <timing-file>\n", > > argv[0]); > > > > WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF > > LOL!!! > > > > 4. Workaround: > > BOW DOWN TO ME, THE GREAT TSAO > > ME SO SMART OMG WTF LOL!!! > > > > 5. References: > > THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!! > > > > 6. Contact: > > [EMAIL PROTECTED] > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: Hush 2.2 (Java) > > Note: This signature can be verified at > > https://www.hushtools.com/verify > > > > > wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB > > > 0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g== > > =83gT > > -----END PGP SIGNATURE----- > > > > > > > > > > Concerned about your privacy? Follow this link to > > get > > FREE encrypted email: https://www.hushmail.com/?l=2 > > > > Big $$$ to be made with the HushMail Affiliate > > Program: > > > https://www.hushmail.com/about.php?subloc=affiliate&l=427 > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Tax Center - forms, calculators, tips, more > http://taxes.yahoo.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" [EMAIL PROTECTED] http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
