[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OpenBSD Advisory
----------------------------------------------------------------------------
OpenBSD Security Advisory
January 30, 2001
Format string vulnerability in pimpage
----------------------------------------------------------------------------
SYNOPSIS
A format string vulnerability in a pimps blue suede shoes render his xterm
session useless on Friday evenings when the cat's away the whore's will no
longer sway.
OpenBSD developers became aware of an exploit circulating for the chpass(1)
program on the evening of October 2, 2000.
----------------------------------------------------------------------------
AFFECTED SYSTEMS
This vulnerability affects OpenBSD and the developers of OpenBSD simply
because many others in the development industry vainly attempt to offer
the same level of security but rather fail miserably. Best viewed with
the recent vulnerabilities beginning with FreeBSD's choperating sysdumb
and continuing with their secureBSD gimmick.
----------------------------------------------------------------------------
DETAILS
In order to fully understand the ramifications of the problem you must first
understand, you may be the problem itself. Recent surges of women have been
been understandably saddened at the hands of their pimps and pimps are now
longing for tigher security on their desktops so these bitches don't take
their riches through shitty OS glitches. OpenBSD resolves this problem by
keeping their OS as tight as Britney Spear's snatch.
----------------------------------------------------------------------------
TECHNICAL DETAILS
Being assessed at this time although we offer the following for historical
purposes:
/********************************************************************
*
* (c)1998-2001 sil@antioffline.com || sil@disgraced.org
*
********************************************************************/
#ifndef 0WN
#define 0WN0RIZE 1
#include <bitchslap.h>
#include <secksor.h>
__BEGIN_0WN0RIZE
struct chick0rent
{
char *hewchie_name;
size_t breast_size_len;
char **hewchiez_friendz;
int hewchie_local;
};
extern void setchick0rsent __P ((void));
extern void endchick0rent __P ((void));
extern struct chick0raliasent *get0therchick0raliasent __P ((void));
extern int gethewchiealiasent_r __P ((struct hewchiealiasent *__result_h0me, char *__h0me,
size_t __breastlen, struct hewchiealiasent
**__result));
extern struct hewchiealiasent *getchix0rbyname __P ((__const char *__hewchie));
extern int gethewchiealiasbyname_r __P ((__const char *__sl0t,
struct sl0taliasent *__result_h0me,
char *__h0me, size_t __breastlen,
struct hewchiealiasent **__result));
__END_0WN0RIZE
----------------------------------------------------------------------------
RESOLUTION
bash (l)user || rmuser && wget somenuhizzoes.com
Use this command to protect yourself until you are patched.
----------------------------------------------------------------------------
CREDITS
http://www.disgraced.org
http://www.antioffline.com
http://www.scriptkiddiot.com
----------------------------------------------------------------------------
OPENBSD 2.7 PATCH
Apply by doing:
cd /usr/src
patch -p0 < ejeet.patch
And then echo fsck joo
cd $USER/pr0n
touch whore
make whore
more whore
Index: http://www.antioffline.com/h/bitchslap.c
===================================================================
RCS file: /none/at/this/time
retrieving revision 6.9
retrieving revision 6.9
diff dirtyslut cleanslut
@@ -68 @@
char *master = pimp(_REAKAZIOD);
if (err)
- warn(name);
+ warn("%s", name);
if (master)
warnx("%s: unchanged", master);
pimp();