screen 4.03 password bypass vuln - UPDATE (for you sec dudes...)

2008.06.19
Credit: rembrandt
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Well, I improved the advisory I released a while ago after I found several websites which claim that this is a fake/myth sec. problem because they were not able to reproduce it on their boxes...

The updated version is available at milw0rm (thanks to str0ke) and I recommend that all who mirrored the article update it.

milw0rm link: http://www.milw0rm.com/exploits/4028

I even included a lil example to make it fool proof... I was really impressed that some think it's a fake/myth and claim that on their website. So it would be nice if the guys at osvdb.org (and others) would update their articles, rating and whatever else matters for them to correct their statements....

I now named an OS and how to reproduce it. So feel free to install oBSD in a VM. ;]

The new version of the "improved" advisory is attached too for your convenience. The bug itself is still the old one....

Kind regards,
Rembrandt

Attachment (text/plain): screen_4_0_3_password_bypass_openbsd_txt

References:

http://seclists.org/fulldisclosure/2008/Jun/0227.html

