Исходное сообщение
"Уязвимость в сетевых библиотеках языков Rust и Go, позволяющ..." Отправлено Аноним, 08-Авг-21 15:54
> Верно. А все почему? Потому что растонаркоман и логика плохо совместимые понятия. И то ли дело: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29424 > The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29662 > The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. https://www.openwall.com/lists/oss-security/2015/01/27/9 >  glibc gethostbyname buffer overflow In order to reach the overflow at line 157, the hostname argument must meet the following requirements: - Its first character must be a digit (line 127). - Its last character must not be a dot (line 135). - It must comprise only digits and dots (line 197) (we call this the   "digits-and-dots" requirement). ...   As a proof of concept, we developed a full-fledged remote exploit   against the Exim mail server, bypassing all existing protections   (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. We will   publish our exploit as a Metasploit module in the near future. The first vulnerable version of the GNU C Library is glibc-2.2,   released on November 10, 2000. Это другое!(с)

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>> Верно. А все почему? Потому что растонаркоман и логика плохо совместимые понятия. > И то ли дело: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29424 >> The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29662 >> The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. > https://www.openwall.com/lists/oss-security/2015/01/27/9 >> glibc gethostbyname buffer overflow > [code] > In order to reach the overflow at line 157, the hostname argument > must > meet the following requirements: > - Its first character must be a digit (line 127). > - Its last character must not be a dot (line 135). > - It must comprise only digits and dots (line 197) (we call > this the > "digits-and-dots" requirement). > ... > As a proof of concept, we developed a full-fledged remote > exploit > against the Exim mail server, bypassing all existing protections > (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. > We will > publish our exploit as a Metasploit module in the near > future. > The first vulnerable version of the GNU C Library is glibc-2.2, > released on November 10, 2000. > [/code] > Это другое!(с)
	Введите код, изображенный на картинке: