List: incidents
Subject: RE: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS ! hr>
Date: 2003-08-25 22:01:14
Hi all,
Just to let you know, if you haven't seen it already, that a Realserver 7, 8, 9
remote exploit for Linux and Windows has been released.
You can find more information at:
http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html
And the exploit at:
http://www.k-otik.com/exploits/08.25.THCREALbad.c.php
Regards,
Bojan Zdrnja
> -----Original Message-----
> From: Alexander Reelsen [mailto:ref@tretmine.org]
> Sent: Wednesday, 20 August 2003 11:46 p.m.
> To: incidents@securityfocus.com
> Subject: Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
>
>
> Hello
>
> On Tue, Aug 19, 2003 at 07:55:02PM -0000, Brian Benitez wrote:
> > can anyone confirm if this exploit would work on a FreeBSD Helix
> > server? We have been having unexplained spontaneous restarts
> > for a while now, but as of August 17th they've been accompanied
> > by the behavior of not writing the access log after the restart.
> I cannot confirm this. The only systems being exploited I have seen so far
> were RedHat and Debian GNU/Linux systems on x86. Furthermore the suckit
> rootkit, a rootkit modifying /dev/kmem instead of using modules to change
> system calls, was installed. This also won't work on FreeBSD I guess.
>
> In addition, the exploit for the helix server (on one system there were
> no other services which were not blocked by the firewall, internal hacking
> can be ruled out, so it somehow has to be the helix stuff at least to get
> partly in) was not found.
> Both systems were used for further hacking (which was caught by the IDS as
> outgoing traffic was detected).
>
> > We haven't found any obvious rootkit signs, but we're still looking
> > into it. If anyone knows about any other symptomatic behavior
> > related to this problem, I'd love to hear about it.
> Reading this thread it seems to be the unintended restart of the helix
> server...
>
>
> MfG/Regards, Alexander
>
> --
> Alexander Reelsen http://tretmine.org
> ref@tretmine.org
>