BB -

Meant to cc this to the list as well.

I did a slight analysis of it this morning because I ran it without "thoroughly" reviewing the shellcode. It looks legit. I cannot verify the exploit works; I haven't had time to download ucd-snmpd 4.2.1 and verify, however the shellcode looks real... attached is a strings/strace of the shellcode itself. It loads a few functions and executes what I believe a normal bind/shell code-snip would look like.

-disclaimer- however!, I don't guarantee anything... As I mentioned, it was indeed a slight analysis and I could be totally off. If someone discovers otherwise, please let me know.

--
-----------------------
Orlando Padilla
xbudat_private
"I only drink to make other people interesting"
www.g0thead.com/xbud.asc
-----------------------

On Tuesday 19 February 2002 11:15 am, you wrote:
> zenparseat_private wrote:
> > /*
> > UCD-snmp 4.2.1 remote exploit
>
> Given the fact that another zenparse is claiming this wasn't him, and
> an anonymous poster who says this is a fake, I would assume it's
> a fake (or possibly a leaked exploit that belongs to someone else.)
>
> As is the case with almost every single exploit that goes here, I
> have not checked it to see if it is a trojan. If someone wants
> to comment on the validity, I'd be happy to put that through. This
> wouldn't be the first or last trojan posted here, and subscribers must
> always be suspicious of code on the list.
>
> BB

-------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 22:24:35 PST