There are also a number of calloc() overflow errors out there that affect openssl. Goto http://www.securitytracker.com and search on calloc() or openssl and you'll get a good list -----Original Message----- From: Joe Stewart [mailto:jstewartat_private] Sent: Tuesday, April 15, 2003 11:12 AM To: John; vuln-devat_private Subject: Re: exploit code targeting OpenSSL and Mod_SSL ? On Monday 14 April 2003 10:18 pm, John wrote: > Is anyone aware of the existence of exploit code in the > wild that is currently targeting OpenSSL and Mod_SSL vulnerabilities? There's a lot of that going on right now. I wrote an analysis of one particular OpenSSL exploit kit that is circulating: http://www.lurhq.com/atd.html From what I've seen, almost all of the kiddie activity on port 443 lately based on openssl-too-open.c by Solar Eclipse. -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation http://www.lurhq.com/
This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 14:59:06 PDT