| New User, Welcome! Login |
tell me
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dan Yefimov wrote:
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
> attacker? No, that was the owner of 'unwritable_file', nobody else. What
> the 0666 file mode means? It means, that everybody can write to the
> file, can't he? So why do you believe that pretension legitimate?
I think he means the 0700 on the containing directory for the "unwritable_file".
> On 24.10.2009 0:35, Matthew Bergin wrote:
> >doesnt look like the original owner is trying to write to it. Shows it
> >cant, it had guest write to it via the proc folders bad permissions.
> >Looks legitimate
> >
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
> attacker? No, that was the owner of 'unwritable_file', nobody else.
> What the 0666 file mode means? It means, that everybody can write to
> the file, can't he? So why do you believe that pretension
> legitimate?
# Nokia Multimedia Player version 1.1 .m3u Heap Overflow PoC exploit
# by 0in aka zer0in from Dark-Coders Group! [0in.email[at]gmail.com] / 0in[at]dark-coders.pl]
# http://www.Dark-Coders.pl
# Special thx to doctor ( for together analyse this shi*) and sun8hclf ( for tell me.. "to unicode.")
# Greetings to: Die,m4r1usz,cOndemned (;> ?),joker,chomzee,TBH
# Nokia Multimedia Player is a element of Nokia PC Suite packet.
# DOWNLOAD:http://europe.nokia.com/A4144905
# Vuln:
# This is heap overflow vuln, we can control EAX & EDI registers
# (on my Windows XP sp3) with UNICODE chars...
> tell you that my visa was working properly all the time, and my bank was
> 24/7 available.
>
> This all led me to the conclusion, that all the hush is about a couple (ok,
> maybe tens or hundreds) of DDoS attacks being done.
> Tell me, how many attacks or ok, attack attempts does your corporate network
> suffer during the day ?
>
> What concerns that student you wrote about, well, Gadi please, as far as I
> know that was a ping-of-death he commited against the server of one
> political party.
1. you didn't wrote OS specification. It was Win XP or Vista? Which language? It was fully patched? DEP was turned on? Have you tried on privileged user?
2. Why did you wrote VERY HIGH threat? This is local buffer overflow. Moreover user has to replace original file. This vulnerability has more to do with SE :(.
3. I haven't debug this overflow event, could you tell me, how much bytes can you parse?
Nice find.
Cheers,
JD
> On 24.10.2009 0:35, Matthew Bergin wrote:
> > doesnt look like the original owner is trying to write to it. Shows it
> > cant, it had guest write to it via the proc folders bad permissions.
> > Looks legitimate
> >
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker?
> No, that was the owner of 'unwritable_file', nobody else. What the 0666 file
> mode means? It means, that everybody can write to the file, can't he? So why do
> you believe that pretension legitimate?
Well, at first I would say this might definitely somewhat unexpected.
>> On 24.10.2009 0:35, Matthew Bergin wrote:
>>> doesnt look like the original owner is trying to write to it. Shows it
>>> cant, it had guest write to it via the proc folders bad permissions.
>>> Looks legitimate
>>>
>> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
>> attacker? No, that was the owner of 'unwritable_file', nobody else.
>> What the 0666 file mode means? It means, that everybody can write to
>> the file, can't he? So why do you believe that pretension
>> legitimate?
>
> On 24.10.2009 0:35, Matthew Bergin wrote:
> > doesnt look like the original owner is trying to write to it. Shows it
> > cant, it had guest write to it via the proc folders bad permissions.
> > Looks legitimate
> >
> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker?
> No, that was the owner of 'unwritable_file', nobody else. What the 0666 file
> mode means? It means, that everybody can write to the file, can't he? So why do
> you believe that pretension legitimate?
--
Understanding is a three-edged sword:
On 24.10.2009 0:35, Matthew Bergin wrote:
> doesnt look like the original owner is trying to write to it. Shows it
> cant, it had guest write to it via the proc folders bad permissions.
> Looks legitimate
>
Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker?
No, that was the owner of 'unwritable_file', nobody else. What the 0666 file
mode means? It means, that everybody can write to the file, can't he? So why do
you believe that pretension legitimate?
--
>> On 24.10.2009 0:35, Matthew Bergin wrote:
>> >doesnt look like the original owner is trying to write to it. Shows it
>> >cant, it had guest write to it via the proc folders bad permissions.
>> >Looks legitimate
>> >
>> Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an
>> attacker? No, that was the owner of 'unwritable_file', nobody else.
>> What the 0666 file mode means? It means, that everybody can write to
>> the file, can't he? So why do you believe that pretension
>> legitimate?
>
tell you that my visa was working properly all the time, and my bank was
24/7 available.
This all led me to the conclusion, that all the hush is about a couple (ok,
maybe tens or hundreds) of DDoS attacks being done.
Tell me, how many attacks or ok, attack attempts does your corporate network
suffer during the day ?
What concerns that student you wrote about, well, Gadi please, as far as I
know that was a ping-of-death he commited against the server of one
political party.
|
|
|
