Vulnerability Development mailing list archives
Re: UCD-snmp 4.2.1 exploit - proof of concept
From: xbud <xbud () g0thead com>
Date: Tue, 19 Feb 2002 12:24:01 -0600
BB - Meant to cc this to the list as well. I did a slight analysis of it, this morning because I ran it without "thoroughly" reviewing the shellcode. It looks legit I cannot verify the exploit works I haven't had time to download ucd-snmpd 4.2.1 and verify however the shellcode looks real... attached is a strings/strace of the shellcode itself. It loads a few functions and executes what I believe a normal bind/shell code-snip would look like. -disclaimer- however!, I don't guarantee anything... As I mentioned it was indeed a slight analysis and I could be totally off. If someone discovers otherwise please let me know. -- ----------------------- Orlando Padilla xbud () g0thead com "I only drink to make other people interesting" www.g0thead.com/xbud.asc ----------------------- On Tuesday 19 February 2002 11:15 am, you wrote:
zenparse () gmx net wrote:/* UCD-snmp 4.2.1 remote exploitGiven the fact the another zenparse is claiming this wasn't him, and an anonymous poster who says this is a fake, I would assume it's a fake (or possibly a leaked exploit that belongs to someone else.) As is the case with almost every single exploit that goes here, I have not checked it to see if it is a trojan. If someone wants to comment on the validity, I'd be happy to put that through. This wouldn't be the first or last trojan posted here, and subscribers must always be suspicious of code on the list. BB
-------------------------------------------------------
Attachment:
sc.strace
Description:
Current thread:
- UCD-snmp 4.2.1 exploit - proof of concept zenparse (Feb 18)
- Re: UCD-snmp 4.2.1 exploit - proof of concept Blue Boar (Feb 19)
- <Possible follow-ups>
- re: UCD-snmp 4.2.1 exploit - proof of concept zen-parse (Feb 19)
- Re: UCD-snmp 4.2.1 exploit - proof of concept xbud (Feb 19)
- RE: UCD-snmp 4.2.1 exploit - proof of concept Mike Tone (Feb 19)