The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: comp.os.vms
From: samp...@gmail.com
Date: Tue, 12 Aug 2008 08:27:47 -0700 (PDT)
Local: Tues, Aug 12 2008 11:27 am
Subject: Re: DEFCON 16 and Hacking OpenVMS
> >1. A format string vulnerability in the FINGER client (VAX only). The It appears to be something separate, since it seems to have to do with > >example shellcode is stored on a remote system's .plan file and forces > >the victim FINGER client to modify SYSUAF. > Is this with DEC TCPIP services or is it something to do with the a format string vulnerability. Basically someone puts a bunch of % strings and shellcode in their .plan on a remote host, fingers that user from the target host, and the FINGER client executes the shellcode due to the format string vulnerability in the client. > >2. A CLI buffer overflow on Alphas. Basically any input over 511 I think this might be a DCL issue, it seems to work across a number of > >characters causes an overflow, it seems to be possible to have a > >privileged process execute arbitrary code. > Can you explain this one in a bit more detail ? different images. Not had a chance to play with this as my own VMS box is down at the moment. Sampsa You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||