Re: [argv] PHC Threatcon Monitor & Hacklog Vulnerable

[hellNbak <hellnbak () nmrc org>]

heh

On Fri, 7 Mar 2003, Day Jay wrote:

> Date: Fri, 7 Mar 2003 13:43:02 -0800 (PST)
> From: Day Jay <d4yj4y () yahoo com>
> To: ARGV <argv () hushmail com>
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] [argv] PHC Threatcon Monitor & Hacklog
>     Vulnerable
>
> LMFAO!
>
> LOLZ!
>
>
>
> --- ARGV <argv () hushmail com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> > 1. Topic:
> >     Threatcon monitor
> >     Hacklog
> >
> >     OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL
> >
> > 2. Relevant versions:
> >         Vulnerable: 1.0
> >
> >         Not Vulnerable:  NONE!
> >
> > 3. Problem description:
> >     OMG WTF LOL!
> >
> >     http://phrack.efnet.ru/threatbar.c
> >
> >     if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0)
> >
> >     OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!!
> >
> >     TMP RACE 101:
> >             MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING
> > FILENAME
> >             WAIT FOR 31337 H4X0R TO RUN THREATBAR
> >             ...
> >             PROFIT!
> >
> >     http://phrack.efnet.ru/hacklog.c
> >
> >     OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!!
> >
> >     if (argc != 3)
> >         {
> >     fprintf (stderr, "Usage: %s <typescript>
> > <timing-file>\n",
> >                  argv[0]);
> >
> >     WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF
> > LOL!!!
> >
> > 4. Workaround:
> >     BOW DOWN TO ME, THE GREAT TSAO
> >     ME SO SMART OMG WTF LOL!!!
> >
> > 5. References:
> >     THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!!
> >
> > 6. Contact:
> >         argv () hushmail com
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify
> wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB
> >
> 0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g==
> > =83gT
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Follow this link to
> > get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate
> > Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html