[EMAIL PROTECTED] wrote:
dis is powerfull security whole! im writting a exploit for it right now in visual cobol!
czech this out::
http://www.security.nnov.ru/search/news.asp?binid=1320 http://www.securityfocus.com/bid/5835/info/ http://www.securityfocus.com/bid/7550/info/ http://rhn.redhat.com/errata/RHSA-2002-096.html http://www.debian.org/security/2003/dsa-344 http://www.2600.com
it's over 1 year old! and it's your own fault if you fall for it, normally , you dry-run it first, then you see something fishy is going on.
btw... what's there to exploit??? just take a modified bash (sh) that opens a rootshell, and overwrite it!
djies... you skidds never seem to learn ;)
you really didn't invent the light, you know...
-- harry aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org
"\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20" "\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66" "\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63" "\x6c\x65\x0a\x00"
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html