Date: Wed, 08 Mar 2017 16:52:08 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: grarpamp <grarpamp@gmail.com> Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org Subject: Re: WikiLeaks CIA Exploits: FreeBSD References Within Message-ID: <86innjojfb.fsf@desk.des.no> In-Reply-To: <CAD2Ti28acbW%2BpGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> (grarpamp@gmail.com's message of "Tue, 7 Mar 2017 15:29:07 -0500") References: <CAD2Ti28acbW%2BpGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
grarpamp <grarpamp@gmail.com> writes: > https://search.wikileaks.org/?q=3Dfreebsd > > Currently returns many pages similarly named... > > "Shell Code Database > This page includes local links to a shellcode > database discovered at shell-storm.org." That doesn't indicate a vulnerability. Shell code is what you use to exploit a remote code execution vulnerability once you've found it. It usually needs to be tailored to the target operating system, sometimes to the exact environment and to the application used to inject it, so it makes sense that a shell code database would reference FreeBSD. > [...] it makes sense to establish ongoing search and review of this > dataset for any as yet unfixed exploits. Note to anyone thinking of getting involved in this: depending on your jurisdiction and employment situation, downloading material from the CIA dump may be illegal and / or a firing offense. Simply browsing it online may or may not be safe; get legal advice before you do. IANAL. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86innjojfb.fsf>