[Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:
From: democow .... (democow8086_at_hotmail.com)
Date: 05/30/03
- Previous message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2003:062 - Updated cups packages fix Denial of Service vulnerability"
- Next in thread: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Maybe reply: Schmehl, Paul L: "RE: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Fri, 30 May 2003 04:05:32 +0000
SECURITY VUNERABILITY ALERT:
hello,
as a new white-hat hacker i would like to help the information security
industry by posting a new vulnerability in the the linux operating
system(this vulnerability may be present in many other operation systems
depending on their implementation of the c)
i am posting this vulnerability to help the security community support
itself in these troubled times, i know how hard it is for you to improve you
image in their media these days.. so i would like you to scam a few more
companies with some penetration tests.. and your “consulting” services
AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING
INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO
PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS
POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE
TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not
consider writing a report something that anyone who has a education beyond
that of the 3rd grade something that has to be learned by the corporate
scam-artist )
-------|LOCATED IN /lib/string.c|-----
char * strcpy(char * dest,const char *src)
{
char *tmp = dest;
[1] while ((*dest++ = *src++) != '\0')
/* nothing */;
return tmp;
}
as you can see at line [1] there is no length/intgreaty checking as src is
being inserted into dest
SOLUTION:
there is no solution to this problem if there were, one would be common by
now.. as we all know now there are no true standards worth following
just a reminder,
democow “the teat-less wonder”
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2003:062 - Updated cups packages fix Denial of Service vulnerability"
- Next in thread: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Maybe reply: Schmehl, Paul L: "RE: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
