[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Winnie The Pooh Hacking Squadron Presents:0day 31337 vulnerability in indent 2.2.9
- To: "Raymond Morsman" <raymond@dyn.org>
- Subject: Re: [Full-Disclosure] Winnie The Pooh Hacking Squadron Presents:0day 31337 vulnerability in indent 2.2.9
- From: "Kurt Seifried" <listuser@seifried.org>
- Date: Fri, 26 Dec 2003 14:30:02 -0700
> > indent is really fucking leet tool that improves appearance
> > of C source code. It was designed to help people reading
> > sources written by damn stupid and unskilled programmers like
> > You Dong-Hun or Theo the Radt. It is really helpful nowadays
> > because of that whores who think they are coders. Unfortunatelly
>
> Yes it is. But there's no privilege elevations available. So what good
> will this do?
>
> Raymond.
Someone sends you hacker code. It's an unreadable mess (there's a surprise).
You run it through indent. You get owned. Here's a hint: when playing with
code from attackers check the shell code, Makefiles, etc. Do not do this as
a privileged user, ideally do this with a throwaway account, or better yet
from within VMWare. STandard rules of safe/secure computing apply.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html