funsec mailing list archives

Re: Hey old people

From: Drsolly <drsollyp () drsolly com>
Date: Wed, 21 Dec 2005 12:20:42 +0000 (GMT)

On Tue, 20 Dec 2005, Blue Boar wrote:

http://www.osvdb.org/blog/?p=77

Any of you guys remember any really old vulnerabilities?


My favourite is the one whereby an IBM PC tries to boot from a floppy disk 
by loading and executing the boot sector, even if your normal bootup is 
from the hard disk. That was introduced with the IBM XT, (1983, I think) 
and first exploited in 1986.

But for a really old vulnerability you want the one whereby is you have an 
EXE file, and put a COM file in the same directory, then the COM file gets 
executed in preference to the EXE file when you type the filename without 
extension. That existed in 1981, although it wasn't realised that it was a 
vulnerability until the 1990s

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Hey old people Blue Boar (Dec 20)
- Re: Hey old people Drsolly (Dec 21)
  - RE: Hey old people Larry Seltzer (Dec 21)
  - Re: Hey old people Blue Boar (Dec 21)
    - RE: Hey old people Larry Seltzer (Dec 21)
    - Re: Hey old people Drsolly (Dec 21)
    - RE: Hey old people Larry Seltzer (Dec 21)
    - RE: Hey old people Nick FitzGerald (Dec 21)
    - RE: Hey old people Drsolly (Dec 21)
    - RE: Hey old people Drsolly (Dec 21)
    - RE: Hey old people Drsolly (Dec 21)
    - RE: Hey old people Drsolly (Dec 21)

(Thread continues...)