Dailydave mailing list archives
Re: Anonymized posting
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 28 May 2004 15:39:37 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 They link to this post on packetstorm, and I'm just guessing the last line is what the poster was referring to with the 2-years comment. - -dave http://www.packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c Date: 20 May 2004 01:19:15 -0000 From: anonymous Subject: Declaring Open Season on Open Source Hi, consider this an iALERT Today a nice vulnerability in the CVS was published, this sucks. Here are some exploits for that vulnerability. They will exploit any Linux / FreeBSD / Solaris box running CVS. (The Solaris one is very slow, your bitching, I'd like to see you write it.) We already owned everyone and everything with these exploits yearsago, and in fact we've all had them sitting on the shelf gathering dust due to lack of
new targets. FUN TESTBED IDEAS: cvs.apache.org cvs.perl.com cvshome.org <-- PLAY "FIND THE SUCKIT" anoncvs.freebsd.org <-- ls -al /tmp to see how many people who can't hack own +this already cvs.kernel.org *.gnu.org *.debian.org www.openbsd.org <-- TRIPPLE HEAP SOLARIS OWNAGE - THEO IS TOAST HOW TO FIND VICTIMS: google for "[anon/cvs/anonymous/etc] pserver" .gov and .mil cvs trees are fun I wonder how long it'll take everyone to remove all the SUCKits Prizes may be given for the most imaginative defacement / trojaning. Finally a big thank-you to Steffen Esser of Team TESO Security for being such an +amazing whitehat and providing the public with such great Security Product. - - The Axis of Eliteness - WARNING - THE AXIS HAZ ACCESS "Move over saddam, cos you're not as leet as I am" /* Linux / FreeBSD CVS exploit - January 2001 */ Jason Hooper wrote: | Does anyone have a more indepth link to the publication than whats | here : | | http://www.cvshome.org/ | | .. | | -----Original Message----- From: | dailydave-bounces () lists immunitysec com | [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave | Aitel Sent: Friday, May 28, 2004 1:14 PM To: | dailydave () lists immunitysec com Subject: [Dailydave] Anonymized | posting | | http://uptime.netcraft.com/up/graph?site=cvshome.org&probe=1 | | "Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b | PHP/4.0.6 mod_perl/1.26 mod_throttle/3.1.2" | | One can only hope that this was put online as a honeypot, after the | recent publication of a sustained two-year compromise of | cvshome.org. | | What backdoored opensource project owned you today? _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAt5V4zOrqAtg8JS8RAp/VAKD98HWYq7rUCeIWVHqxUa0wZ5/rzQCZAV/b zqXsS1UfoulMCPPE+OG1ELc= =Q7ij -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- anonymized posting Dave Aitel (May 11)
- <Possible follow-ups>
- Anonymized posting Dave Aitel (May 28)
- RE: Anonymized posting Jason Hooper (May 28)
- RE: Anonymized posting Thor Larholm (May 28)
- Re: Anonymized posting Dave Aitel (May 28)
- Anonymized posting Dave Aitel (Jun 09)
- Re: Anonymized posting wirepair (Jun 09)
- Re: Anonymized posting Frank Knobbe (Jun 09)
- Re: Anonymized posting Evgeny Demidov (Jun 09)