Re: FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit

[Jason Hellenthal <jhell () DataIX net>]

On Wed, Nov 30, 2011 at 11:05:08PM +0100, HI-TECH . wrote:
> Hi lists,
> sorry if I offended anyone with by referring to teso,
> I really like teso as you might also.
> all this happend because I was drunk hehe :>
> I hope you enjoy this release!
>
> Am 30. November 2011 20:32 schrieb HI-TECH .
> <isowarez.isowarez.isowarez () googlemail com>:
> > /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit
> > ?*
> > ?* KINGCOPE CONFIDENTIAL - SOURCE MATERIALS
> > ?*
> > ?* This is unpublished proprietary source code of KINGCOPE Security.
> > ?*
> > ?* (C) COPYRIGHT KINGCOPE Security, 2011
> > ?* All Rights Reserved
> > ?*
> > ?*****************************************************************************
> > ?* bug found by Kingcope
> > ?* thanks to noone except alex whose damn down
> > ?*
> > ?* tested against: ?FreeBSD-8.2,8.1,7.2,7.1 i386;
> > ?* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?FreeBSD-6.3 i386
> > ?* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?FreeBSD-5.5,5.2 i386
> > ?* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?FreeBSD-8.2 amd64
> > ?* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?FreeBSD-7.3, 7.0 amd64
> > ?* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?FreeBSD-6.4, 6.2 amd64
> > ?*
> > ?*/
> >
> > I m better than TESO 7350 see attached.
> > I aint mad at cha
> > and dont forget that the scene is fucked.
> > and that the public scene is fucked too, kind of.
> > youse a down ass bitch and I aint mad at cha.
> > thanks lsd you are the only one NORMAL.
> > hear the track before you see the code:
> > http://www.youtube.com/watch?v=krxu9_dRUwQ
> > BTW my box (isowarez.de) got hacked so expect me in a zine :>
> >
> > /Signed "the awesome" Kingcope

Fun stuff... Thanks

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/