Penetration Testing mailing list archives
RE: How to find if exploit exist to a reported CVE ?
From: "Walsh, Leo" <Leo_Walsh () jeffersonwells com>
Date: Wed, 7 Nov 2007 07:39:40 -0600
I don't personally know of any place that tracks CVE to exploit code nor a place that tracks all exploit code. Here is what I usually do: Do a search at milw0rm for exploits matching the product and/or vendor for the affected technology Google search the CVE number and/or vulnerability name with the keyword "exploit" Follow the links referenced in the CVE for the vulnerability reporter Follow the links referenced in the CVE for vendor and any other 3rd party vulnerability companies That's about it. Sometimes the discussion on the 3rd party vulnerability company or vendor pages mentions a link to exploit code or that no code has been released so don't forget to read deeply into those bulletins linked in the CVE. -Leo Walsh, GSNA Jefferson Wells International 816-627-4222 (office) 913-484-8051 (cell) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Juan B Sent: Friday, November 02, 2007 7:35 PM To: pen-test () securityfocus com Subject: How to find if exploit exist to a reported CVE ? Hi, I got a security vulnerability report and want to check if an known exploit exist for a particular CVe number. in which site I can find it out? milw0rm? thanks! Juan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ******* Internet Email Confidentiality ******* The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that it is strictly prohibited (a) to disseminate, distribute or copy this communication or any of the information contained in it, or (b) to take any action based on the information in it. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- How to find if exploit exist to a reported CVE ? Juan B (Nov 06)
- RE: How to find if exploit exist to a reported CVE ? Joseph Nicosia (Nov 07)
- Re: How to find if exploit exist to a reported CVE ? security curmudgeon (Nov 07)
- <Possible follow-ups>
- RE: How to find if exploit exist to a reported CVE ? Walsh, Leo (Nov 07)
- Re: How to find if exploit exist to a reported CVE ? Kyprianos Vassilopoulos (Nov 07)
- Re: How to find if exploit exist to a reported CVE ? Joey Peloquin (Nov 07)
- Re: How to find if exploit exist to a reported CVE ? Justin Ferguson (Nov 08)
- Re: How to find if exploit exist to a reported CVE ? Ronald Chmara (Nov 08)