| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: solareclipse at phreedom.org (Solar Eclipse) Subject: Remote exploit and vulnerability scanner for the OpenSSL KEY_ARG buffer overflow The attached file contains the source code for a remote exploit for OpenSSL 0.9.6d. It has been successfully tested on Apache/mod_ssl servers running on most major Linux distributions. Along with the exploit, you will also find a OpenSSL vulnerability scanner, which uses a more reliable scanning approach than the RUS-CERT scanner. It will be extremely useful to both sysadmins and script kiddies. Those of you who have spent a long time developing an exploit for this vulnerability and failed, look at the included README file. It contains a detailed, highly technical explanation of how the exploit and the scanner work, starting with a description of the SSL2 protocol handshake. This code or any derivative versions of it may not be posted to Bugtraq or anywhere on SecurityFocus, Symantec or any affiliated site. If you have not patched your servers yet, start whining now. I can finally go back to coding. Solar Eclipse -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl-too-open.tar.gz Type: application/x-tar-gz Size: 18396 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020917/d2539e34/openssl-too-open.tar.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020917/d2539e34/attachment.bin
Powered by blists - more mailing lists