Re: exploit code targeting OpenSSL and Mod_SSL ?

From: Simayi (simayi.twat_private)
Date: Wed Apr 16 2003 - 21:24:17 PDT

Next message: moran zavdi: "cipher.exe overflow"

Previous message: Arne Ansper: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
In reply to: Joe Stewart: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: Geoffroy Raimbault: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
From: "Joe Stewart" <jstewartat_private>
To: "John" <johnccostaat_private>; <vuln-devat_private>
Sent: Wednesday, April 16, 2003 12:11 AM
Subject: Re: exploit code targeting OpenSSL and Mod_SSL ?
>
> There's a lot of that going on right now. I wrote an analysis of one
> particular OpenSSL exploit kit that is circulating:
>
> http://www.lurhq.com/atd.html
>
> From what I've seen, almost all of the kiddie activity on port 443 lately
> based on openssl-too-open.c by Solar Eclipse.


I find a similar exploit code, OpenFuck.c .
It seems to be able to exploit Linux and FreeBSD.
I have a problem.
The memory management mechanism of  FreeBSD is different from Linux.
Why can it exploit FreeBSD ?

Next message: moran zavdi: "cipher.exe overflow"
Previous message: Arne Ansper: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
In reply to: Joe Stewart: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: Geoffroy Raimbault: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 12:55:38 PDT