Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Shareaza Remote Vulnerability

from [ad@heapoverflow.com] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Shareaza Remote Vulnerability
Date: Fri, 27 Jan 2006 12:08:02 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I mean if the shareaza doesnt want to patch as it looks like here ,
provide him a poc with a remote execution and he will be forced to
patch it, but right now he can probably ignore your warnings :)

Ryan Smith wrote:

Thanks Todd, the correct link is
http://www.hustlelabs.com/shareaza_advisory.pdf :>

Ad, I believe what you mean is that I completed 20% of a job, and
the job was correct.  I am sorry you feel my work was incomplete;
do you still feel like you recieved a deliverable that matches the
dollar amount you spent on the research?

On 1/26/06, *ad@heapoverflow.com <mailto:ad@heapoverflow.com>*
<ad@heapoverflow.com <mailto:ad@heapoverflow.com>> wrote:

where is your proof then that the remote execution is possible, the
 shareaza maker wont probably care until you add a proof on what do
you claim as exploitable.. You just made like 20% of a correct job
...


Ryan Smith wrote:

There is a vulnerability in the current version of Shareaza, a
P2P file sharing product.  It results in remote code execution.
Please see the advisory for more details.  There is no patch.



Credit: These vulnerabilities were discovered and researched by
Ryan Smith.



Contact: WhatsTheAddress@gmail.com
<mailto:WhatsTheAddress@gmail.com>
<mailto:WhatsTheAddress@gmail.com
<mailto:WhatsTheAddress@gmail.com>>



Details: http://www.hustlelabs.com/


<http://www.security.nnov.ru/?gohttp://www.rem0te.com/public/images/clamav.pdf








----------------------------------------------------------------------





_______________________________________________ Full-Disclosure -
 We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9n/Ea+LRXunxpxfAQLq9BAAou8BzrrVGrw7C6Xq//2MgGRF4J4Aqx0l
sntgujSaCMHnf/J8c7XSqvsOxYY0SiiB06yFzFXoBKpdnEHVP5M/4LEiAGwzK21V
y4QK6Z6GVucP/Rz+O0zetub/Sjel4z7vPEZMnqySYA1EihH4MmCFIIC9EyOyyQdf
Jc/7m3GJZO3vR4wOHANrxUFVBXf1mQpzN6Xc4XLhKA0iGAYo/MKQE8+PDCg7uQFd
gDLFhLqbz24rEjYwP6Ww58yhKqc26CnBIeZgghwHBhh7cWcsgzPLqA5RoKSMACfy
o+coqfXv1paZZCPhH17SdgXgfa263bDQmBxFLd6LxEi1kH4ABWEy8gesevZ3Sb5X
Rkzx3h9v8Swa0Mv9/V+L51fELoDcbz22L7Ut+o8fwSukIoYDrz9LIMrjy1IK3aH4
Eraq0/SzMI1oQRAGI51AvKzMgToORQH+p1R1OIlFpyoIzCmKsEBFVY/1q59AGbz/
fkxsFhHD2XkS/nNP9bPevMboS45EZg2FJ8M+BT9OK8FjbP55aBhsynJ+E39fEg4g
eoA288fGCdxONRf+sZ/+9vxnSYlhtBn6u4YXKVVsO3VPsrZcSTck/57P5ZbytX6c
aq11B5N4aS1O1pQ5vSn/vTi6Pyr3jjIcqR+XTu6HHTslzD7V/i9lbpjwaWk3Krpz
C1bLMBfybBU=
=PL4B
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Bypass Genuine Check, Nientiedt
Next by Date:  Re: [Full-disclosure] Bypass Genuine Check, ad@heapoverflow.com
Previous by Thread:  Re: [Full-disclosure] Shareaza Remote Vulnerability, Ryan Smith
Next by Thread:  RE: [Full-disclosure] Shareaza Remote Vulnerability, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]