Re: owning ubuntu apt-key net-update (maybe apt-get update related)

[Georgi Guninski <guninski () guninski com>]

On Fri, Sep 23, 2011 at 06:32:10AM +1000, GloW - XD wrote:
> So, this is an exploit then ? Or just a broken package ? Some people would
> simply not understand that,your very techy :P
> Anyhow, making a small .sh file for the bug would be cool.. if there is a
> bug to be had.
> cheers

hi GloW,

the bug appears real to me. ubuntu released an advisory [1] 
and debian have a bug [2].

ubuntu's advisory moderately hurt my narcissistic ego 
by not mentioning my humble name :(

i suppose they have a corporate policy to give credit to "whores only"
(this might be checked by examining which distros give credit 
and which write ``it was discovered'')

as a minor boost to my narcissistic ego, ubuntu's advisory 
didn't contain CVE(R) ID :) 

next time ubuntu hurt my narcissistic ego, i will try the black market for the bug.


[1] https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001424.html
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480

-- 
joro

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/