Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Dailydave] 0day alert...
From: Dave Aitel (daveimmunitysec.com)
Date: Tue Mar 23 2004 - 12:43:58 CST
-----BEGIN PGP SIGNED MESSAGE-----
The files listed at http://www.wiley.com/legacy/compbooks/koziol/ contain:
1. CANVAS's old win32 shellcode (we're much cooler now) - still good
to read through if you want to se how a real exploit works around bugs
in kernel32.dll. It's heavily documented as well, and it's interesting
to see the differences between how I did this and how LSD and a few
others have done this sort of thing.
2. A spike script from back in the day that crashes dtlogin due to a
double-free (this is the CDE bug Iimentioned a short time ago).
dtlogin is remotely exploitable by default on, say, Solaris. I might
release an advisory sometime next week if I have time to write it up.
I would still recommend buying the book, since you get to go through
my process on how I found it in the first place, which is a lot more
valuable than one double free against Solaris, Irix, Tru64, etc.
I believe Sinan Eren's Solaris and OpenBSD kernel exploits are also in
the package, along with his Tru64 ttdb remote. I also see some
database exploits for Oracle and DB2 sitting in the package...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----