[FUG-BR] Fwd: [Full-disclosure] Vulnerabilities in OpenBSD and billions is other websites

vic vic at wa.pro.br
Wed Jun 6 17:58:59 BRT 2012


On 2012-06-06 17:17, mantunes wrote:
> Any knowledge about this??
>
>
> ---------- Forwarded message ----------
> From: Григорий Братислава <musntlive at gmail.com>
> Date: 2012/6/6
> Subject: [Full-disclosure] Vulnerabilities in OpenBSD and billions is
> other websites
> To: full-disclosure at lists.grok.org.uk,
> submissions at packetstormsecurity.org, bugtraq at securityfocus.com
>
>
> Hello full disclosure!! !! (is I forget another !!)
>
> I want to warn you about is vulnerability in OpenBSD and is maybe
> perhaps possible is Linux and BeOS.
>
> -------------------------
> Is affected maybe possible perhaps
> -------------------------
>
> OpenBSD
> NetBSD
> FreeBSD
> DragonflyBSD
> FruitcakeBSD
> Ubuntu
> Kbuntu
> Anotherbuntu
> BeOS
> NeXTOS
>
> -------------------------
> Details:
> -------------------------
>
> Is when someone is play knetwalk is user can get full scope!! Root!!
>
>
> -------------------------
> Is proof:
> -------------------------
>
> [grigori em bratislava] knetwalk > /dev/nullaruski 2>&1 && knetwalk >
> /dev/nullaruski 2>&1 && knetwalk > /dev/nullaruski 2>&1 &&
>
> And is you do this is 255 times we has:
>
> [grigori em bratislava] knetwalk > /dev/nullaruski 2>&1 && knetwalk >
> /dev/nullaruski 2>&1 && knetwalk > /dev/nullaruski 2>&1 &&
> kbuildsycoca running...
> DCOP Cleaning up dead connections.
> segmentation is fault
> [root em bratislva]# ICE default IO error handler doing an exit(), pid =
> 1984, errno = 42
>
>
> -------------------------
> Timeline:
> -------------------------
> 1984.01.14 Madonna is sing Holiday on American Bandstand
> 1984.01.24 Apple is release personal computer (musntlive is has
> exploit at this time)
> 1984.02.19 Is we make nuclear test at Kazakh Semipalitinsk
> 1984.02.19 musntlive plan advisory
> 2012.06.06 musntlive disclose real 0day is not fake
>
>
> --
>
> `Wherever I is go - there am I routed`
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

No, _but_

knetwalk[1] is a game from KDESC. Note that the example also has KDE's
kbuildsycoca in it... So if someone[2] installed little games that
depend on Qt on the server... well, I don't think I need to say anything
more...

[1]: http://www.kde.org/applications/games/knetwalk/
[2]: someone != sysadmin. To avoid saying something else...

-- 
vic
http://choppnerd.com
http://donttrack.us   |   http://dontbubble.us

