Message-ID: <20030614015501.A3524@evita.devdas.geek>
From: dvb at users.sourceforge.net (Devdas Bhagat)
Subject: /Claimed/ remote root exploit in Pureftpd

This is someone I know in IRC, and usually does not claim random stuff.
I have no further information other than this claim currently, but a
code audit might be in order.

[ I have not found a security contact on the pureftpd.org page, except
for their mailing list, so am sending it there ].

IRC log follows:

<dilema> Linux/x86 PureFTPD remote exploit.
<dilema> phj34r m3
<Krisp-ET> remote root, huh?
<Krisp-ET> ouch
<dilema> sad this i already owned myself
<Krisp-ET> lol
<dilema> PureFTPD (1.x.x) linux/x86 remote ROOT exploit.
<dilema> !PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!
<dilema> MUHAHAHAHA
<dilema> i suggest you all switch to Pro for the time being
<f3ew|sleep> wtf?
<f3ew|sleep> where has it been announced?
<dilema> lmao it's an 0-day fizewl
<f3ew|sleep> wow
<dilema> maybe i'll maek it public if i feel like a nice guy
<dilema> Linux/x86 PureFTPD remote exploit.
<dilema> usage: ./pure [options]
<dilema> -c remote host to connect to
<dilema> -o remote port to use
<dilema> -u remote username
<dilema> -p remote password
<dilema> -i get the password interactively
<dilema> -t predefined target ("-t list" to list all targets)
<dilema> -d writeable directory
<dilema> -l shellcode address
<dilema> -v debug level [0-2]
<dilema> -s seconds to sleep after login (debugging purposes)
<dilema> -h display this help
<dilema> actually
<dilema> i have tons of sploits
<dilema> i'll throw some on http when i sort through them and make sure not to step on any ones toes by doing so
<f3ew|sleep> send the exploit to the pureftpd maintainer
<dilema> i'll play with it for a few days. I'm just pissed cause i really like pure and i don't feel like setting up pro
<dilema> which is one reason why i am hesitant to give it out

[ Exploit claimed to be zero day and in the wild, so I am sending an
announcement here as a heads up, hopefully we can get a quick fix ].

Devdas Bhagat