We've been very surprised by the last message with subject "WU-ftp worm", in which the author claims to have been hit by an ftpd worm. As the authors of the code attached in that message, we would like to say that we have no connections with this worm and we've never seen such code before. That means we do NOT have the code.

Sekure SDI is not a cracker group. Our exploit code has been made only for testing purposes and it was NOT supposed to be released.

Also, we would like to make a little comment about the wu-ftpd exploit:

- The SDI-wu code needs some fixes to work in Red Hat and other Linux distributions. Script kiddies -> don't even try to run it!

- The first exploit released (made by duke - I think ADMwuftpd) will not work. WU-ftpd will discard null characters, so the return address (bf ff f3 c0) will not be passed to the stack, which means we cannot execute the instructions inserted in the buffer. It also will bring you to the reason we've not coded the exploit in the ordinary way.

- Unlike the WU-ftp, the PROFTP will not accept some of the characters of the standard shellcode and exploit code, so it's much more difficult to exploit. I would say it's nearly impossible.

I've received a lot of messages asking about how to use the exploit, bla bla. We will NOT help kiddies with this tool.

At last, I would like to make clear that Sekure SDI has nothing to do with this worm. Our goal is only to seek and provide security information.

* PLEASE, update your wu-ftpd to the newest version! *

Thank you,

-condor
www.sekure.org
s e k u r e

pgp key available at: http://condor.sekure.org/condor.asc
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:40 PDT