hello,
as a new white-hat hacker i would like to help the information security industry by posting a new vulnerability in the the linux operating system(this vulnerability may be present in many other operation systems depending on their implementation of the c)
i am posting this vulnerability to help the security community support itself in these troubled times, i know how hard it is for you to improve you image in their media these days.. so i would like you to scam a few more companies with some penetration tests.. and your �consulting� services
AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not consider writing a report something that anyone who has a education beyond that of the 3rd grade something that has to be learned by the corporate scam-artist )
-------|LOCATED IN /lib/string.c|-----
char * strcpy(char * dest,const char *src)
{
char *tmp = dest; [1] while ((*dest++ = *src++) != '\0')
/* nothing */;
return tmp;
}as you can see at line [1] there is no length/intgreaty checking as src is being inserted into dest
SOLUTION:
there is no solution to this problem if there were, one would be common by now.. as we all know now there are no true standards worth following
just a reminder, democow �the teat-less wonder�
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
