Re: exploit code targeting OpenSSL and Mod_SSL ?

Take a look at this page :

http://lists.netsys.com/pipermail/full-disclosure/2002-September/001913.html

It's an exploit for the KEY_ARG heap overflow in mod_ssl under Apache written by Solar Eclipse.

It is provided with a good documentation on how to exploit the vulnerability.

Regards,

Geoffroy Raimbault
Information Security Consultant
http://www.lynx-technologies.com

• Original Message ----- From: "John" <johnccosta@yahoo.ca> To: <vuln-dev@securityfocus.com> Sent: Tuesday, April 15, 2003 4:18 AM Subject: exploit code targeting OpenSSL and Mod_SSL ?

>
>
> Is anyone aware of the existence of exploit code in the
Received on Tue Apr 15 17:08:54 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek