This is not simply wrong, this is medically wrong.
On 04/29/2011 12:43 AM, Mario Vilas wrote:
Precisely. The poc triggers the bug by passing a very long command line
argument, so it's assumed the attacker already has executed code. The only
way this is exploitable is if the binary has suid
However I have to say that Mr. Neo here may have an actually exploitable
bug if the overflow code can be also reached with a remote codepath.
On 04/29/2011 12:43 AM, Mario Vilas wrote:
Precisely. The poc triggers the bug by passing a very long command line
argument, so it's assumed the
On a side note, anyone here ever used any of the xmatters engines?? Care to
give a small review??
On Thu, Apr 28, 2011 at 4:03 PM, Juan Sacco
jsa...@insecurityresearch.com wrote:
Information
Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
Version: APClient
GROUP HUG.
On Thu, Apr 28, 2011 at 11:11 PM, ghost gho...@gmail.com wrote:
So in 6 short months you've become a master hacker, huh Gage? All that
reporting Nigerian scammers really put you to the top of the hacker
echelon? Or is it cause you finally got a piece of paper as
recognition from
I'm with ya there, Insect is a joke... I mean, open src tools, sure, we can
use those... but a non open src, non free tool being posted at all
surprises me.. so, why beat up on him? Your lame app missed shit, simple..
even if you're a good coder, does not mean YOUR product will 'rule'.
Sorry but,
Well... I am only saying, this place is NOT a place where 'web fuzzing'
should be the main topic of interest, especially when it is related to
software which costs money and does not even have any trial..
It also produced a false, on many occasions.
Acutenix consultant would do this, and guess
insect's are a big joke
m* f*
2011/4/29 -= Glowing Doom =- sec...@gmail.com
Well... I am only saying, this place is NOT a place where 'web fuzzing'
should be the main topic of interest, especially when it is related to
software which costs money and does not even have any trial..
It also,
Information
Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
Version: APClient 3.2.0 (native)
Software : xMatters AlarmPoint
Vendor Homepage : http://www.xmatters.com
Vulnerability Type : Heap Buffer Overflow
Md5: 283d98063323f35deb7afbd1db93d859
Is the suid bit set on that binary? Otherwise, unless I'm missing something
it doesn't seem to be exploitable by an attacker...
On Thu, Apr 28, 2011 at 12:03 PM, Juan Sacco
jsa...@insecurityresearch.com wrote:
Information
Name : Heap Buffer Overflow in xMatters
On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
Is the suid bit set on that binary? Otherwise, unless I'm missing something
it doesn't seem to be exploitable by an attacker...
Who cares? You got code executed on the remote box, that's the *hard* part.
Use that to inject a callback shell
This isn't a zero day. This is a vulnerability. Being able to crash
the system is nothing compared to the effort needed to actually write
the exploit. What function is the heap overflow in? Did you guys even
bother to find out? How do I know this is even a heap overflow? Heck
you couldn't even
So in 6 short months you've become a master hacker, huh Gage? All that
reporting Nigerian scammers really put you to the top of the hacker
echelon? Or is it cause you finally got a piece of paper as
recognition from your little school?
In short; Shut the fuck up and go play in traffic, kid.
Any reason for the hostility? The Nigerian thing was ages ago and out
of curiosity, and I don't see how my choice of school is relevant in
the situation. Where's this six month deal coming from and when did I
ever say I even counted myself as a hacker?
All I'm saying is InsectPro did poor
Precisely. The poc triggers the bug by passing a very long command line
argument, so it's assumed the attacker already has executed code. The only
way this is exploitable is if the binary has suid (then the attacker can
elevate privileges) or the command can be executed remotely (and the
attacker