[VIM] update: VulnDisco
security curmudgeon
jericho at attrition.org
Wed Jun 8 03:51:42 EDT 2005
Updating with new vulnerabilities. The 'sample pack' advertised has 3
vulnerabilities, and is free to current CANVAS customers.
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: vim at attrition.org
Date: Sat, 14 May 2005 07:01:49 -0400 (EDT)
Reply-To: Vulnerability Information Managers <vim at attrition.org>
Subject: [VIM] discuss: VulnDisco
Evgeny Demidov of GLEG posted to DailyDave announcing the release of their
"VulnDisco" pack. This is a pack of exploits for the CANVAS framework, released
by Aitel & Immunity. According to the PDF, this pack contained a wide variety of
0day exploits. Since then, he has followed up with three updates that include a
few more exploits each time.

Before anyone replies, consider this. I mailed Dave Aitel and asked if he could
verify that this pack of vulnerabilities was legit. Since they are a CANVAS
framework based set, I figured he of all people could authenticate Evgeny's
research. Dave replied and said he had not tested any of it, and in fact, had
not received a copy. While Immunity was a reseller of the VulnDisco pack, they
were not privileged to a copy of it. I found that surprising.

There has been no followup on DailyDave regarding these packs, good or bad.
Below you will find a summary of the posts and exploits claimed in each pack.

That said, how does a vulnerability database handle such claims? Should we be
creating entries with the details we have? Or does this amount of exploit code
in one place suggest it may not be fully legit?

Thoughts from the madmen?
--
http://archives.neohapsis.com/archives/dailydave/2005-q1/0290.html
[Dailydave] ANNOUNCE - VulnDisco Pack for CANVAS release
http://www.gleg.net/download/VULNDISCO.pdf
To summarize:
Remotes in this version:
Windows
[0day] Ipswitch IMail buffer overflow
Vendor URL: http://www.ipswitch.com
Notes: remote exploit for certain IMail service.
[0day] MaxDB WebAgent stack overflow
Vendor URL: http://www.mysql.com
Notes: remote exploit for MaxDB WebTools wahttp service.
[0day] Pragma Fortress buffer overflow
Vendor URL: http://www.pragmasys.com
Notes: remote exploit for Pragma Fortress SSH server.
Unix
[0day] Exim 4.43 stack overflow
Vendor URL: http://www.exim.org
Notes: exploit for published AUTH SPA stack overflow.
[0day] ntpd buffer overflow
Vendor URL: http://www.ntp.org
Notes: remote root for certain configurations of ntpd
[0day] Samba buffer overflow
Vendor URL: http://www.samba.org
Notes: remote exploit for certain configurations of smbd
[0day] Sun ONE ASP buffer overflow
Vendor URL: http://www.sun.com
[0day] Sun ONE ASP arbitrary file retrieval exploit
Vendor URL: http://www.sun.com
Denial of service attacks
[0day] FreeBSD/NetBSD/OpenBSD kernel remote DoS
Vendor URL: http://www.freebsd.org, http://www.openbsd.org, http://www.openbsd.org
Notes: remote crash&reboot for certain configurations of *BSD kernel
[0day] fam remote DoS
Vendor URL: http://oss.sgi.com/projects/fam/
Notes: remote crash for certain configurations of fam
[0day] Ipswitch IMail remote DoS
Vendor URL: http://www.ipswitch.com
[0day] Kerio MailServer remote DoS
Vendor URL: http://www.kerio.com
Notes: remote crash in Kerio MailServer
[0day] MDaemon remote DoS
Vendor URL: http://www.altn.com
[0day] LSASS.EXE remote DoS
Vendor URL: http://www.microsoft.com
[0day] MySQL 4.x server remote DoS
Vendor URL: http://www.mysql.com
http://archives.neohapsis.com/archives/dailydave/2005-q1/0340.html
[Dailydave] VulnDisco Pack for CANVAS v1.1 is available
New remotes in this version:
[0day] Ethereal heap overflow (proof of concept)
[0day] Miranda IM buffer overflow
[0day] MDaemon buffer overflow
http://archives.neohapsis.com/archives/dailydave/2005-q2/0008.html
[Dailydave] VulnDisco Pack v1.2 for CANVAS is available
New remotes in this version:
[0day] PHP remote DoS
[0day] OpenSSL remote DoS
[0day] NSS heap overflow (proof of concept)**
http://archives.neohapsis.com/archives/dailydave/2005-q2/0087.html
[Dailydave] VulnDisco Pack v1.3 for CANVAS is available
New remote in this version:
[0day] SIMA - Samba remote root
http://archives.neohapsis.com/archives/dailydave/2005-q2/0295.html
[Dailydave] VulnDisco Sample Pack 1.1
New remotes in this version:
[0day] Ethereal heap overflow
[0day] TCPDUMP DoS