to the vuln-dev readers,

reading those last few posts about the apache exploit doing the rounds, i decided to post what i knew about some exploits that are uncovered, "0day" i think they are called.

first off i can *confirm* a working qmail exploit, i received the src from a trusted friend, and it prevailed on my mail forwarders as real, live and alive.

second, from another source, i was told of a working bind9 exploit, not the w00bind (no it doesn't exploit bind, check the sleep() routines, and whoever coded it is a _disgrace_ to the underground, and the defamation of shok and nyt's name is just one outcome of its circulation) but another one exploiting a heap overflow in some handling, no *exact* details known at the time.

the third piece of information which seems *extremely* credible is a sshd exploit (open, ssh.com, f-secure) and from what i hear, it's just like the deattack int overflow, hard to spot in the code, and extremely widespread, i think it might be a preauth bug, or a handling bug. i was told to check the auth files, but blind-auditing razor style seems better.

and to finish off, there is an apache 1.2.*, 1.3.* exploit in the wild, and i don't know if it is the elusive 7350c0wb0y or whatever but yes, it is out there.

just trying to keep the public informed, if i get some credible information like the stuff above i will keep you updated!

later,
davidr
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 02:32:58 PST