From: david evlis reign (davidreignhotmail.com)
Date: Tue Feb 26 2002 - 00:34:24 CST

    to the vuln-dev readers,

    reading those last few posts about the apache exploit doing the rounds, i
    decided to post what i knew about some exploits that are uncovered, "0day" i
    think they are called.

    first off i can *confirm* a working qmail exploit, i received the src from a
    trusted friend, and it prevailed on my mail forwarders as real, live and
    alive. second, from another source, i was told of a working bind9 exploit,
    not the w00bind(no it doesn't exploit bind, check the sleep() routines, and
    whoever coded it is a _disgrace_ to the underground, and the defamation of
    shok and nyt's name is just one outcome of its circulation) but another one
    exploiting a heap overflow in some handling, no *exact* details known at
    the time. the third piece of information which seems *extremely* credible is
    a sshd exploit (open, ssh.com, f-secure) and from what i hear, it's just
    like the deattack int overflow, hard to spot in the code, and extremely
    widespread, i think it might be a preauth bug, or a handling bug. i was
    told to check the auth files, but blind-auditing razor style seems better.
    and to finish off, there is an apache 1.2.*, 1.3.* exploit in the wild, and
    i don't know if it is the elusive 7350c0wb0y or whatever but yes, it is out
    there.

    just trying to keep the public informed, if i get some credible information
    like the stuff above i will keep you updated!
    later,
    davidr
