New Additions to double the number:
- 12/04/03 - Rsync (credit: David Goldsmith, Matasano)
- 11/20/03 - do_brk() overflow (credit: David Goldsmith, Matasano)
- 11/2/88 - Sendmail (credit: David Goldsmith, Matasano)
- 11/2/88 - Fingerd (credit: David Goldsmith, Matasano)
(These last two were in the Morris Worm. Since I was at The Basic School in Quantico, VA at the time, I don't have first-hand knowledge here. Some of the resources I reviewed seemed a bit vague on whether these bugs were fairly well-known or not. Please feel free to clarify in comments or via email.)
- 12/29/05 - WMF.
- 3/18/03 - WebDAV. (publicly available information)
- 9/3/98 - SunOS ToolTalk. (credit: TQBF, who never got the beer...)
- 4/24/96 - rpc.statd. (double credit: TQBF - thanks again.)
Honorable Mentions (these don't quite make the list because the vulnerability information was not discovered through an active exploit):
- RealServer ../../../ overflow
- Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
- Samba bug that HDM got hacked with... [this may get elevated, I am not sure]
- [Credits: Dave Aitel and Anton Chuvakin for the information]
Updated Undercover Exploit List from Spire Security Viewpoint
Posted by: knight gold | June 12, 2010 at 05:58 AM