[Nolug] Pine is worse than Evolution

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Mon, 15 Sep 2003 21:45:13 -0500
Message-ID: <877k49xxhi.fsf@weblog.localhost>

Just because of the conversation last week re: Evolution
security... Here is someone who claims to have found a
fully-automatic remote exploit for Pine.

A worm that uses Pine as the infection vector. Oooo! Keep those
address books safe!

attached mail follows:


Ok here it is
Remote pine exploit
quite efficient since no "real offsets are needed" especially in the
first method of exploitation

Worx against grsec high security with random stack with "hard" method
since it is a return to libc tested vs slackware grsec

portbind on 6682 with FULL terminal support i.e. launch bx from ur exp =D

autodiscovers targets/offsets needed

redhat works too but only "easy" method... because of a pop ebp before a
ret.. there is no leave

worm can easily b made especially with "bruteforce" with about 99%
success!!

have fun =P

sorry i forgot to attach code ;D

___________________
Nolug mailing list
nolug@nolug.org

Received on 09/15/03