Vulnerability Development mailing list archives
RE: exploit code targeting OpenSSL and Mod_SSL ?
From: "Don Sauer" <djsauer () swbell net>
Date: Tue, 15 Apr 2003 16:55:44 -0500
There are also a number of calloc() overflow errors out there that affect openssl. Goto http://www.securitytracker.com and search on calloc() or openssl and you'll get a good list -----Original Message----- From: Joe Stewart [mailto:jstewart () lurhq com] Sent: Tuesday, April 15, 2003 11:12 AM To: John; vuln-dev () securityfocus com Subject: Re: exploit code targeting OpenSSL and Mod_SSL ? On Monday 14 April 2003 10:18 pm, John wrote:
Is anyone aware of the existence of exploit code in the wild that is currently targeting OpenSSL and Mod_SSL vulnerabilities?
There's a lot of that going on right now. I wrote an analysis of one particular OpenSSL exploit kit that is circulating: http://www.lurhq.com/atd.html
From what I've seen, almost all of the kiddie activity on port 443
lately based on openssl-too-open.c by Solar Eclipse. -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation http://www.lurhq.com/
Current thread:
- exploit code targeting OpenSSL and Mod_SSL ? John (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Simayi (Apr 17)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Geoffroy Raimbault (Apr 15)
- <Possible follow-ups>
- RE: exploit code targeting OpenSSL and Mod_SSL ? Don Sauer (Apr 15)
- RE: exploit code targeting OpenSSL and Mod_SSL ? Arne Ansper (Apr 16)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)