There was an old old old wuftpd exploit that would overflow with pasv, then it would core dump with a copy of /etc/shadow world readable in it. It was a cute little vuln, but patched long long ago. ..I'm sure we can move on from looking for "fake" exploits that were released in the past. We should all be able to move on from this weekends issue. I'm sure the person(s) responsible regret what they have done. Lets move on and search for new things. jparker(); - http://www.o-negative.net o-Negative: Information Network ----- Original Message ----- From: "josmon m." <digitalenemyat_private> To: <vuln-devat_private> Sent: Saturday, September 22, 2001 1:32 PM Subject: Re: wuftpd 2.6.1 (fake?) exploits > bb: > lol > hm....but like > wu261ex.c looks like it should work (well...except the gets(blah) *g* and > the system(rm -rf *.c thingy ;p)..heh > well....i saw a patch on the wuftpd site against some pasv vuln....so maybe > its a patched exploit. > anyways....ill test it tomorrow (or when i get time) and drop ya guys a msg > :) > > peace > -josmon m > > www.entenkotze.cjb.net > > > >
This archive was generated by hypermail 2b30 : Sat Sep 22 2001 - 22:25:44 PDT