Full Disclosure mailing list archives
Re: ProFTPD-1.2.9rc2 remote root exploit
From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Fri, 24 Oct 2003 12:24:24 -0400 (EDT)
On Fri, 24 Oct 2003, Philipp Buehler wrote:
If shellcode matches 0x72, 0x6d, 0x2d and 0x66 .. always be "alerted" :>
Also, if the exploit requires root and it's only calling connect() thats another tip off. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: ProFTPD-1.2.9rc2 remote root exploit, (continued)
- Re: ProFTPD-1.2.9rc2 remote root exploit qobaiashi (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit upb (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Jedi/Sector One (Oct 24)
- Re: ProFTPD-1.2.9rc2 localhost delete kang (Oct 24)
- Re: ProFTPD-1.2.9rc2 localhost delete dilema (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Cael Abal (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Rob Lewis (Oct 24)
- ProFTPD-1.2.9rc2 remote root exploit Jean-Kevin Grosnakeur (Oct 24)
- RE: ProFTPD-1.2.9rc2 remote root exploit GARCIA Lionel (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Philipp Buehler (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Larry W. Cashdollar (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit zero (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit Philipp Buehler (Oct 24)
- RE: ProFTPD-1.2.9rc2 remote root exploit amebix (Oct 24)
- Re: ProFTPD-1.2.9rc2 remote root exploit qobaiashi (Oct 24)