Vulnerability Development mailing list archives
Re: New Remote Hole found in Berkeley Fingerd!
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 21 Nov 2001 13:29:16 +0300
Hello vuln-dev, First, this vulnerability has no relation to Berkley (BSD) fingerd. Buggy application is "Doug's WWW Finger Gateway". Second, as it was noted for many times, %0a encoding is hexadecimal ASCII, not Unicode encoding, so phrase "This bug can be exploited with Unicode / CGI Decode exploit from Microsoft called Internet Explorer." is funny, but completely mess. --Wednesday, November 21, 2001, 2:23:26 AM, you wrote to vuln-dev () securityfocus com: vd> Hi everyone! vd> We have discovered a remote vulnerability in Berkeley finger, which is vd> somewhat trivial to exploit. The vendor has been notified and now is the vd> time for the hole to be fully disclosed to the security community. vd> Attached to this submission is our advisory + full working exploit. vd> Remember to use the information responsibly. vd> Happy hacking. vd> The GOBBLES Research Team vd> http://www.bugtraq.org -- ~/ZARAZA Ìàøèíà îêàçàëàñü ñïîñîáíîé ê åäèíñòâåííîìó äåéñòâèþ, à èìåííî óìíîæåíèþ 2x2, äà è òî ïðè ýòîì îøèáàÿñü. (Ëåì)
Current thread:
- New Remote Hole found in Berkeley Fingerd! vuln-dev (Nov 20)
- Re: New Remote Hole found in Berkeley Fingerd! 3APA3A (Nov 21)
- Re: New Remote Hole found in Berkeley Fingerd! Olaf Kirch (Nov 21)
- <Possible follow-ups>
- RE: New Remote Hole found in Berkeley Fingerd! Graeme Fowler (Nov 21)