Sunday, October 7, 2012

What is a dzug?

I moved the dzug.c from the null directory to xSports,
where it actually belongs to.

What is a D-Zug? Besides being an exploit for CVE-2012-3524,
a D-Zug (german: Durchgangs-Zug) was a fast kind of train
in the 70's and 80's. Nowadays its obsoleted by high speed
trains like ICE (similar to TGV in France).
dzug.c, also kind of a 80's style of living, integrates a lot of
attack vectors to proof CVE-2012-3524 exploitable.
There exist a lot of flavors of dzug.c, so
if this PoC version is not working for you, it means
indeed nothing. Its also not bound to Linux. Theoretically any
UNIX running DBUS is at risk.


3 comments:

Connie said...

How long did it take you to learn all you know about computers?

Anonymous said...

nice first comment btw...

anyway, why are all linux distros embracing this dbus fagotry ? :/

Sebastian said...

Good question! And unfortunally not
only on Linux.
Sadly and madly its common today to
write DBUS services rather than
traditional UNIX daemons.