« Nothin' Doing on the Failure of Two Factor | Main | Someone Deserves a Slap on the Wrist »

Updated Undercover Exploit List

Well, it looks like the latest Powerpoint exploit gets added to my list of "undercover vulnerabilities." That leaves me with the following:

New Addition (11 total since 1988):

Old List:

  • 12/29/05 - WMF. (public information)
  • 2/7/05 - Mailman directory traversal. (credit: ilja van Sprundel)
  • 11/16/04 - Twikis search.pm. (credit: ilja van Sprundel)
  • 12/04/03 - Rsync. (credit: David Goldsmith, Matasano)
  • 11/20/03 - do_brk() overflow. (credit: David Goldsmith, Matasano)
  • 3/18/03 - WebDAV. (publicly available information)
  • 9/3/98 - SunOS ToolTalk. (credit: TQBF, who never got the beer...)
  • 4/24/96 - rpc.statd. (double credit: TQBF - thanks again.)
  • 11/2/88 - Sendmail (credit: David Goldsmith, Matasano)
  • 11/2/88 - Fingerd (credit: David Goldsmith, Matasano)

Honorable Mention (which don't quite make the list because the vulnerability information was not discovered due to an active exploit):

  • RealServer ../../../ overflow
  • Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
  • Samba bug that HDM got hacked with... [this may get elevated, I am not sure]
  • [Credits: Dave Aitel and Anton Chuvakin for the information]

July 16, 2006 in Threat Management |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8345207f669e200e550718a138834

Listed below are links to weblogs that reference Updated Undercover Exploit List:

» On "Zero Day" Exploits from Anton on Security
Just wanted to bring this one to the attention of my readers: Pete Lindstrom maintains this list of public "zero-day" situations from "olde times" to now. Spire Security Viewpoint: Updated Undercover Exploit List If you know of anybody who was... [Read More]

Tracked on July 23, 2006 at 09:57 PM

» Updated Undercover Exploit List from Spire Security Viewpoint
Latest Addition (12 total since 1988): 2/4/05: Minix FTP Vulnerability (credit: Ilja van Sprundel, confirmed by Al Woodhull) Old List: 7/11/06 - Powerpoint 0day. (public information) 12/29/05 - WMF. (public information) 2/7/05 - Mailman directory trave... [Read More]

Tracked on July 27, 2006 at 03:58 PM

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment