RE: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:

From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: 05/30/03

    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 30 May 2003 11:10:48 -0500
    

    Normally I wouldn't bother pointing this stuff out, but if you're going
    to accuse other people of having less than a third grade
    education....well, people who throw stones shouldn't live in glass
    houses....

    operation systems? NOT SUFFICANT??? AS POSSIABLE??? Intgreaty???

    Maybe you should consider finishing school yourself, before you
    criticize others.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    -----Original Message-----
    From: democow .... [mailto:democow8086@hotmail.com]
    Sent: Thursday, May 29, 2003 10:06 PM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:

    SECURITY VUNERABILITY ALERT:

    hello,
    as a new white-hat hacker i would like to help the information security
    industry by posting a new vulnerability in the the linux operating
    system(this vulnerability may be present in many other operation systems
    depending on their implementation of the c)

    i am posting this vulnerability to help the security community support
    itself in these troubled times, i know how hard it is for you to improve
    you image in their media these days.. so i would like you to scam a few more
    companies with some penetration tests.. and your "consulting" services

    AND PLEASE POST AS MANY EXPLOITS AS YOU CAN BASED ON THE FOLLOWING
    INFORMATION... AS JUST INFORMATION ON THIS PROBLEM IS NOT SUFFICANT TO
    PLEASE SOME PEOPLE... ALSO I WOULD LIKE AS MANY CONSULTING COMPANIES AS
    POSSIABLE TO OFFER SERVICES USING THEM FOR THEIR OWN PROFIT.. I WOULD HATE
    TO SEE ANYONE HAVE TO LEARN ANYTHING BUT HOW TO COMPILE A PROGRAM..(i do not
    consider writing a report something that anyone who has a education beyond
    that of the 3rd grade something that has to be learned by the corporate
    scam-artist )

    -------|LOCATED IN /lib/string.c|-----

    char * strcpy(char * dest,const char *src)
    {
            char *tmp = dest;

            while ((*dest++ = *src++) != '\0')  /* [1] */
                    /* nothing */;
            return tmp;
    }

    as you can see at line [1] there is no length/intgreaty checking as src is
    being inserted into dest

    SOLUTION:
    there is no solution to this problem if there were, one would be common by
    now.. as we all know now there are no true standards worth following
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
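
The copy loop quoted in the message above, next to a variant that is told the destination size. This is an added example, not part of either message or of /lib/string.c; the names copy_unbounded and copy_bounded and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The loop from the quoted /lib/string.c: copies up to the NUL in src
 * and has no knowledge of how large dest is. */
static char *copy_unbounded(char *dest, const char *src)
{
    char *tmp = dest;
    while ((*dest++ = *src++) != '\0')
        /* nothing */;
    return tmp;
}

/* Hypothetical bounded variant: the caller passes the size of dest.
 * Writes at most size bytes, NUL-terminates whenever size > 0, and
 * returns the length of src, so a return value >= size tells the
 * caller that src did not fit and was truncated. */
static size_t copy_bounded(char *dest, size_t size, const char *src)
{
    size_t i = 0;

    if (size > 0) {
        for (; i < size - 1 && src[i] != '\0'; i++)
            dest[i] = src[i];
        dest[i] = '\0';
    }
    while (src[i] != '\0')      /* count the part that was not copied */
        i++;
    return i;
}

int main(void)
{
    const char *input = "constructed-sample-input"; /* constructed, 24 chars */
    char small[8];
    char big[32];

    size_t need = copy_bounded(small, sizeof small, input);
    if (need >= sizeof small)
        printf("truncated to \"%s\", %zu bytes needed\n", small, need + 1);

    /* Stays in bounds only because big happens to be large enough. */
    printf("%s\n", copy_unbounded(big, input));
    return 0;
}
```

The bounded variant only helps when the caller checks the return value; silently accepting a truncated string can be its own bug.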

