Message-ID: <20020917202739.GA6710@sigourney.mirizma.org>
From: solareclipse at phreedom.org (Solar Eclipse)
Subject: Remote exploit and vulnerability scanner for the OpenSSL KEY_ARG buffer overflow

The attached file contains the source code for a remote exploit
for OpenSSL 0.9.6d. It has been successfully tested on Apache/mod_ssl
servers running on most major Linux distributions.

Along with the exploit, you will also find a OpenSSL vulnerability
scanner, which uses a more reliable scanning approach than the
RUS-CERT scanner. It will be extremely useful to both sysadmins
and script kiddies. 

Those of you who have spent a long time developing an exploit for this
vulnerability and failed, look at the included README file.
It contains a detailed, highly technical explanation of how the
exploit and the scanner work, starting with a description of the
SSL2 protocol handshake.

This code or any derivative versions of it may not be posted to Bugtraq
or anywhere on SecurityFocus, Symantec or any affiliated site.

If you have not patched your servers yet, start whining now.

I can finally go back to coding.


Solar Eclipse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-too-open.tar.gz
Type: application/x-tar-gz
Size: 18396 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020917/d2539e34/openssl-too-open.tar.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020917/d2539e34/attachment.bin

Powered by blists - more mailing lists