Hosting Provided By

RE: exploit code targeting OpenSSL and Mod_SSL ?

From: Don Sauer <djsauer(at)swbell.net>
Date: Tue Apr 15 2003 - 17:55:44 EDT

There are also a number of calloc() overflow errors out there that affect openssl. Goto http://www.securitytracker.com and search on calloc() or openssl and you'll get a good list

-----Original Message-----
From: Joe Stewart [mailto:jstewart@lurhq.com] Sent: Tuesday, April 15, 2003 11:12 AM
To: John; vuln-dev@securityfocus.com
Subject: Re: exploit code targeting OpenSSL and Mod_SSL ?

On Monday 14 April 2003 10:18 pm, John wrote:
> Is anyone aware of the existence of exploit code in the

There's a lot of that going on right now. I wrote an analysis of one particular OpenSSL exploit kit that is circulating:

http://www.lurhq.com/atd.html

>From what I've seen, almost all of the kiddie activity on port 443
lately
based on openssl-too-open.c by Solar Eclipse.

-Joe

-- 
Joe Stewart, GCIH 
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/

Received on Tue Apr 15 17:59:37 2003

This message: [ Message body ]
Next message: Pete Finnigan: "65 Oracle security papers, articles and presentations"
Maybe in reply to: John: "exploit code targeting OpenSSL and Mod_SSL ?"
In reply to Geoffroy Raimbault: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: Arne Ansper: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Reply: Arne Ansper: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Reply: Simayi: "Re: exploit code targeting OpenSSL and Mod_SSL ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

Do you need help?