[VIM] discuss: VulnDisco
security curmudgeon
jericho at attrition.org
Sat May 14 07:01:49 EDT 2005
Evgeny Demidov of GLEG posted to DailyDave announcing the release of their
"VulnDisco" pack. This is a pack of exploits for the CANVAS framework,
released by Aitel & Immunity. According to PDF, this pack contained a wide
variety of 0day exploits. Since then, he has followed up with three
updates that include a few more exploits each time.
Before anyone replies, consider this. I mailed Dave Aitel and asked if he
could verify that this pack of vulnerabilities were legit. Since they are
a CANVAS framework based set, I figured he of all people could
authenticate Evgeny's research. Dave replied and said he had not tested
any of it, and in fact, had not received a copy. While Immunity was a
reseller of the VulnDisco pack, they were not privileged to a copy of it.
I found that surprising.
There has been no followup on DailyDave regarding these packs, good nor
bad. Below you will find a summary of the posts and exploits claimed in
each pack. That said, how does a vulnerability database handle such
claims? Should we be creating entries with the details we have? Or does
this amount of exploit code in one place suggest it may not be fully
legit?
Thoughts from the madmen?
--
http://archives.neohapsis.com/archives/dailydave/2005-q1/0290.html
[Dailydave] ANNOUNCE - VulnDisco Pack for CANVAS release
http://www.gleg.net/download/VULNDISCO.pdf
To summarize:
Remotes in this version:
Windows
[0day] Ipswitch IMail buffer overflow Vendor URL: http://www.ipswitch.com
Notes: remote exploit for certain IMail service.
[0day] MaxDB WebAgent stack overflow
Vendor URL: http://www.mysql.com
Notes: remote exploit for MaxDB WebTools wahttp service.
[0day] Pragma Fortress buffer overflow
Vendor URL: http://www.pragmasys.com
Notes: remote exploit for Pragma Fortress SSH server.
Unix
[0day] Exim 4.43 stack overflow
Vendor URL: http://www.exim.org
Notes: exploit for published AUTH SPA stack overflow.
[0day] ntpd buffer overflow
Vendor URL: http://www.ntp.org
Notes: remote root for certain configurations of ntpd
[0day] Samba buffer overflow Vendor URL: http://www.samba.org
Notes: remote exploit for certain configurations of smbd
[0day] Sun ONE ASP buffer overflow
Vendor URL: http://www.sun.com
[0day] Sun ONE ASP arbitrary file retrieval exploit Vendor URL:
http://www.sun.com
Denial of service attacks
[0day] FreeBSD/NetBSD/OpenBSD kernel remote DoS
Vendor URL: http://www.freebsd.org, http://www.openbsd.org,
http://www.openbsd.org Notes: remote crash&reboot for certain configurations of
*BSD kernel
[0day] fam remote DoS
Vendor URL: http://oss.sgi.com/projects/fam/
Notes: remote crash for certain configurations of fam
[0day] Ipswitch IMail remote DoS
Vendor URL: http://www.ipswitch.com
[0day] Kerio MailServer remote DoS
Vendor URL: http://www.kerio.com
Notes: remote crash in Kerio MailServer
[0day] MDaemon remote DoS
Vendor URL: http://www.altn.com
[0day] LSASS.EXE remote DoS
Vendor URL: http://www.microsoft.com
[0day] MySQL 4.x server remote DoS
Vendor URL: http://www.mysql.com
http://archives.neohapsis.com/archives/dailydave/2005-q1/0340.html
[Dailydave] VulnDisco Pack for CANVAS v1.1 is available
New remotes in this version:
[0day] Ethereal heap overflow (proof of concept)
[0day] Miranda IM buffer overflow
[0day] MDaemon buffer overflow
http://archives.neohapsis.com/archives/dailydave/2005-q2/0008.html
[Dailydave] VulnDisco Pack v1.2 for CANVAS is available
New remotes in this version:
[0day] PHP remote DoS
[0day] OpenSSL remote DoS
[0day] NSS heap overflow (proof of concept)**
http://archives.neohapsis.com/archives/dailydave/2005-q2/0087.html
[Dailydave] VulnDisco Pack v1.3 for CANVAS is available
New remote in this version:
[0day] SIMA - Samba remote root
More information about the VIM
mailing list