Hey all,

>> Has anybody a copy of some log files that contain such for general review
>> by the community?
>>
>> A customer was vulnerable to this attack and I would like to find out if
>> he was compromised.

I don't have logs, sorry, but to be honest the probability of him
being compromised by this are rather low -- there's no reliable
exploit for these bugs yet, and at least the eeye-bug is a bit dodgy
to exploit reliably without knowing the remote SP-number or accurately
guessing the thread number.

What is going to be an interesting combination on vulnerable systems i
the combination of the ASP bugs with ElicZ's DebPloit bug -- that
looks good enough to fashion the ASP bugs into remote SYSTEM
compromises.

Cheers,
dulliengmx.de

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]