Re: exploit code targeting OpenSSL and Mod_SSL ?

From: Geoffroy Raimbault (graimbault@lynx-technologies.com)
Date: Tue Apr 15 2003 - 09:19:16 PDT

Next message: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"

Previous message: Joe Stewart: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
In reply to: John: "exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Take a look at this page :

http://lists.netsys.com/pipermail/full-disclosure/2002-September/001913.html

It's an exploit for the KEY_ARG heap overflow in mod_ssl under Apache
written by Solar Eclipse.

It is provided with a good documentation on how to exploit the
vulnerability.

Regards,

Geoffroy Raimbault
Information Security Consultant
http://www.lynx-technologies.com


----- Original Message -----
From: "John" <johnccostaat_private>
To: <vuln-devat_private>
Sent: Tuesday, April 15, 2003 4:18 AM
Subject: exploit code targeting OpenSSL and Mod_SSL ?


>
>
> Is anyone aware of the existence of exploit code in the
> wild that is currently targeting OpenSSL and Mod_SSL
> vulnerabilities?
>
> Tx
> John
>

Next message: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Previous message: Joe Stewart: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
In reply to: John: "exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 14:07:25 PDT