Re: [Full-disclosure] *BSD banner INT overflow vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] *BSD banner INT overflow vulnerability
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 00:35:10 +1300
daylasoul@xxxxxxxx wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 26 Nov 2006 01:21:50 -0600 "J.A. Terranson" <measl@xxxxxxx>
> wrote:
> >On Wed, 22 Nov 2006, Sean Comeau wrote:
> >
> >> On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote:
> >> >
> >> > %uname -sir
> >> > FreeBSD 6.1-RELEASE GENERIC
> >> > %gdb banner
> >> > (gdb) r -w 17000000
> >> > Program received signal SIGSEGV, Segmentation fault.
> >> > 0x01010101 in ?? ()
> >> >
> >>
> >> This doesn't crash banner on OpenBSD,
> >
> >FreeBSD 4.10R doesn't give a shit either.
> >
> >> and even if it did who cares? What would anyone accomplish by making
> >> this setuid root?
> >
> > -bash-2.05b$ ls -al /usr/bin/banner
> > -r-xr-xr-x 1 root wheel 16136 May 25 2004 /usr/bin/banner
> >
> >Good question.
> >
> >--
> >Yours,
> >
> >J.A. Terranson
> >sysadmin@xxxxxxx
> >0xBD4A95BF
> >
> >"Surely the larger lesson learned from that day is that other men, all
> >over the world, took inspiration not from the heroism of the rescuers in
> >New York or the passengers flying over Pennsylvania, but from the 19
> >hijackers - the twisted brilliance of their scheme and their willingness
> >to sacrifice their lives to make a political and, as they saw it,
> >religious statement."
> >
> >Richard Corliss/Time Magazine
> >11 Aug 2006
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> Please maintain a reasonable standard of netiquette when posting.
> Thanks.
Who died and made you list-nanny?
Oh, that's right no-fucking-one.
Your pathetic posts contribute nothing but noise to the list -- piss
off...
Regards,
Nick FitzGerald