Vulnerability Development mailing list archives
information on the new code on the block
From: "david evlis reign" <davidreign () hotmail com>
Date: Tue, 26 Feb 2002 06:34:24 +0000
to the vuln-dev readers,
reading those last few posts about the apache exploit doing the rounds, i decided to post what i knew about some exploits that are uncovered, "0day" i think they are called.
first off i can *confirm* a working qmail exploit, i received the src from a trusted friend, and it prevailed on my mail forwarders as real, live and alive. second, from another source, i was told of a working bind9 exploit, not the w00bind (no it doesn't exploit bind, check the sleep() routines, and whoever coded it is a _disgrace_ to the underground, and the defamation of shok and nyt's name is just one outcome of its circulation) but another one exploiting a heap overflow in some handling, no *exact* details known at the time. the third piece of information which seems *extremely* credible is a sshd exploit (open, ssh.com, f-secure) and from what i hear, it's just like the deattack int overflow, hard to spot in the code, and extremely widespread, i think it might be a preauth bug, or a handling bug. i was told to check the auth files, but blind-auditing razor style seems better. and to finish off, there is an apache 1.2.*, 1.3.* exploit in the wild, and i don't know if it is the elusive 7350c0wb0y or whatever but yes, it is out there.
just trying to keep the public informed, if i get some credible information like the stuff above i will keep you updated!
later, davidr