Vulnerability Development mailing list archives

information on the new code on the block


From: "david evlis reign" <davidreign () hotmail com>
Date: Tue, 26 Feb 2002 06:34:24 +0000

to the vuln-dev readers,

reading those last few posts about the apache exploit doing the rounds, i decided to post what i knew about some exploits that are uncovered, "0day" i think they are called.

first off i can *confirm* a working qmail exploit, i received the src from a trusted friend, and it prevailed on my mail forwarders as real, live and alive. second, from another source, i was told of a working bind9 exploit, not the w00bind (no it doesn't exploit bind, check the sleep() routines, and whoever coded it is a _disgrace_ to the underground, and the defamation of shok and nyt's name is just one outcome of its circulation) but another one exploiting a heap overflow in some handling, no *exact* details known at the time. the third piece of information which seems *extremely* credible is an sshd exploit (open, ssh.com, f-secure) and from what i hear, it's just like the deattack int overflow, hard to spot in the code, and extremely widespread, i think it might be a preauth bug, or a handling bug. i was told to check the auth files, but blind-auditing razor style seems better. and to finish off, there is an apache 1.2.*, 1.3.* exploit in the wild, and i don't know if it is the elusive 7350c0wb0y or whatever but yes, it is out there.

just trying to keep the public informed, if i get some credible information like the stuff above i will keep you updated!
later,
davidr

