Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow

from [Thomas Sutpen] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow
Date: Sat, 25 Dec 2004 16:49:08 -0700 
On Wed, 22 Dec 2004 11:20:45 -0500, announce@0x90.org <announce@0x90.org> wrote:
[...]

 Vulnerable Sizes:
 -----------------
 6 through 13. Other sizes may be vulnerable, but were unavailable for 
testing.


Cursory note:  The guy with the size 13s must get all the chicks.  You
know what they say ....
 
[...]


 Fix:
 ----
 Do not wear untrusted shoes sent to you. Other possible workarounds include
 sandals (aka. flip-flops). These are a good work-around and are widely
 available for those concerned about their security.


Merrell also makes a "Jungle Moc" that is a mitigating factor to this
vulnerability.  All shoes of similar "Moccasin" styles, as well as
Cowboy Boots, also seem to be unaffected.  Cowboy Boots with spurs
seem to add an additional layer of security, as well as cool points.

Review of their website seems to indicate that they're going to be
discontinuing the line, though.  So, with Boxing Day tommorrow, I'd
recommend snapping up a few pairs as a cautionary posture against the
possibility of future attacks.

[...]

TS
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Multiple vulnerabilities in AOL and AOL affiliate web sites, Michel Blomgren
Next by Date:  [Full-Disclosure] [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc inside., class 101
Previous by Thread:  Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, Alex V. Lukyanenko
Next by Thread:  Oracle Trigger Abuse (#NISR2122004I), NGSSoftware Insight Security Research
Indexes:  [Date] [Thread] [Top] [All Lists]