lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: root at (Oliver Raymond)
Subject: Exploit Identification Request

Thanks for your prompt and accurate responses!

The 4092 byte mades me suspicious of a new IIS overflow that was 
not being caught.

The exploit you referenced mentions 296 x A's that rotate to drop 
the code. That pretty much nails this scenario on the head! 
Searches to my normal usenet groups and sec groups failed to find 
this, so I appreciate your help in identifying the possible 

We are, or course, patched to this, but it was concerning me!


---------- Original Message ----------------------------------
From: Thorolf <>
Date:  Thu, 29 Apr 2004 16:52:58 +0200 (CEST)

>Hash: SHA1
>I have few alerts in 24h,
>[5]-root@...r:ttyp3[log] #grep "194.xx.xx.xx" httpd-access.log
>194.xx.xx.xx - - [26/Apr/2004:12:22:36 +0000] "SEARCH
>It looks like some mutation of worm/virus it use this bug,
>Look at this ...
>Rafal Lesniak
>- --
>- - Administrator
>- - Run for your lives, death has arrived
>- - Try save your soul, run from the sound of rowing oars
>Version: GnuPG v1.2.4 (FreeBSD)
>Full-Disclosure - We believe in it.


Powered by blists - more mailing lists