[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vulndiscuss
Subject:    [VulnDiscuss] Remote exploit and vulnerability scanner for the OpenSSL KEY_ARG buffer overflow
From:       Solar Eclipse <solareclipse () phreedom ! org>
Date:       2002-09-17 20:27:39
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


The attached file contains the source code for a remote exploit
for OpenSSL 0.9.6d. It has been successfully tested on Apache/mod_ssl
servers running on most major Linux distributions.

Along with the exploit, you will also find a OpenSSL vulnerability
scanner, which uses a more reliable scanning approach than the
RUS-CERT scanner. It will be extremely useful to both sysadmins
and script kiddies.=20

Those of you who have spent a long time developing an exploit for this
vulnerability and failed, look at the included README file.
It contains a detailed, highly technical explanation of how the
exploit and the scanner work, starting with a description of the
SSL2 protocol handshake.

This code or any derivative versions of it may not be posted to Bugtraq
or anywhere on SecurityFocus, Symantec or any affiliated site.

If you have not patched your servers yet, start whining now.

I can finally go back to coding.


Solar Eclipse

["openssl-too-open.tar.gz" (application/x-tar-gz)]
[Attachment #6 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]