Vulnerability Development mailing list archives
Re: exploit code targeting OpenSSL and Mod_SSL ?
From: "Simayi" <simayi.tw () yahoo com tw>
Date: Thu, 17 Apr 2003 12:24:17 +0800
----- Original Message ----- From: "Joe Stewart" <jstewart () lurhq com> To: "John" <johnccosta () yahoo ca>; <vuln-dev () securityfocus com> Sent: Wednesday, April 16, 2003 12:11 AM Subject: Re: exploit code targeting OpenSSL and Mod_SSL ?
There's a lot of that going on right now. I wrote an analysis of one particular OpenSSL exploit kit that is circulating: http://www.lurhq.com/atd.html From what I've seen, almost all of the kiddie activity on port 443 lately based on openssl-too-open.c by Solar Eclipse.
I find a similar exploit code, OpenFuck.c . It seems to be able to exploit Linux and FreeBSD. I have a problem. The memory management mechanism of FreeBSD is different from Linux. Why can it exploit FreeBSD ?
Current thread:
- exploit code targeting OpenSSL and Mod_SSL ? John (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Simayi (Apr 17)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Geoffroy Raimbault (Apr 15)
- <Possible follow-ups>
- RE: exploit code targeting OpenSSL and Mod_SSL ? Don Sauer (Apr 15)
- RE: exploit code targeting OpenSSL and Mod_SSL ? Arne Ansper (Apr 16)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)