Re: UCD-snmp 4.2.1 exploit - proof of concept

[xbud <xbud () g0thead com>]

BB - Meant to cc this to the list as well.

I did a slight analysis of it, this morning because I ran it without
"thoroughly" reviewing the shellcode.  It looks legit I cannot verify the
exploit works I haven't had time to download ucd-snmpd 4.2.1 and verify
however the shellcode looks real... attached is a strings/strace of the
shellcode itself.

It loads a few functions and executes what I believe a normal bind/shell
code-snip would look like.

-disclaimer-
however!, I don't guarantee anything... As I mentioned it was indeed a slight
analysis and I could be totally off. If someone discovers otherwise please
let me know.

--
-----------------------
Orlando Padilla
xbud () g0thead com
"I only drink to make other people interesting"
www.g0thead.com/xbud.asc
-----------------------

On Tuesday 19 February 2002 11:15 am, you wrote:
> zenparse () gmx net wrote:
> > /*
> > UCD-snmp 4.2.1 remote exploit
>
> Given the fact the another zenparse is claiming this wasn't him, and
> an anonymous poster who says this is a fake, I would assume it's
> a fake (or possibly a leaked exploit that belongs to someone else.)
>
> As is the case with almost every single exploit that goes here, I
> have not checked it to see if it is a trojan.  If someone wants
> to comment on the validity, I'd be happy to put that through.  This
> wouldn't be the first or last trojan posted here, and subscribers must
> always be suspicious of code on the list.
>
>                                       BB

-------------------------------------------------------

Attachment: sc.strace
Description: