information on the new code on the block
From: david evlis reign (davidreign@hotmail.com)
Date: 02/26/02
From: "david evlis reign" <davidreign@hotmail.com> To: vuln-dev@securityfocus.com Date: Tue, 26 Feb 2002 06:34:24 +0000
to the vuln-dev readers,
reading those last few posts about the apache exploit doing the rounds, i
decided to post what i knew about some exploits that are uncovered, "0day" i
think they are called.
first off i can *confirm* a working qmail exploit, i received the src from a
trusted friend, and it prevailed on my mail forwarders as real, live and
alive. second, from another source, i was told of a working bind9 exploit,
not the w00bind (no it doesn't exploit bind, check the sleep() routines, and
whoever coded it is a _disgrace_ to the underground, and the defamation of
shok and nyt's name is just one outcome of its circulation) but another one
exploiting a heap overflow in some handling, no *exact* details known at
the time. the third piece of information which seems *extremely* credible is
a sshd exploit (open, ssh.com, f-secure) and from what i hear, it's just
like the deattack int overflow, hard to spot in the code, and extremely
widespread, i think it might be a preauth bug, or a handling bug. i was
told to check the auth files, but blind-auditing razor style seems better.
and to finish off, there is an apache 1.2.*, 1.3.* exploit in the wild, and
i don't know if it is the elusive 7350c0wb0y or whatever but yes, it is out
there.
just trying to keep the public informed, if i get some credible information
like the stuff above i will keep you updated!
later,
davidr