[VIM] update: VulnDisco

security curmudgeon jericho at attrition.org
Wed Jun 8 03:51:42 EDT 2005

Updating with new vulnerabilities. The 'sample pack' advertised has 3 
vulnerabilities, and is free to current CANVAS customers.

---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: vim at attrition.org
Date: Sat, 14 May 2005 07:01:49 -0400 (EDT)
Reply-To: Vulnerability Information Managers <vim at attrition.org>
Subject: [VIM] discuss: VulnDisco

Evgeny Demidov of GLEG posted to DailyDave announcing the release of their 
"VulnDisco" pack. This is a pack of exploits for the CANVAS framework, released 
by Aitel & Immunity. According to the PDF, this pack contained a wide variety of 
0day exploits. Since then, he has followed up with three updates that include a 
few more exploits each time.

Before anyone replies, consider this. I mailed Dave Aitel and asked if he could 
verify that this pack of vulnerabilities was legit. Since they are a CANVAS 
framework based set, I figured he of all people could authenticate Evgeny's 
research. Dave replied and said he had not tested any of it, and in fact, had 
not received a copy. While Immunity was a reseller of the VulnDisco pack, they 
were not privileged to a copy of it. I found that surprising.

There has been no followup on DailyDave regarding these packs, good or bad. 
Below you will find a summary of the posts and exploits claimed in each pack. 
That said, how does a vulnerability database handle such claims? Should we be 
creating entries with the details we have? Or does this amount of exploit code 
in one place suggest it may not be fully legit?

Thoughts from the madmen?


[Dailydave] ANNOUNCE - VulnDisco Pack for CANVAS release

To summarize:

Remotes in this version:


[0day] Ipswitch IMail buffer overflow
Vendor URL: http://www.ipswitch.com
Notes: remote exploit for certain IMail service.

[0day] MaxDB WebAgent stack overflow
Vendor URL: http://www.mysql.com
Notes: remote exploit for MaxDB WebTools wahttp service.

[0day] Pragma Fortress buffer overflow
Vendor URL: http://www.pragmasys.com
Notes: remote exploit for Pragma Fortress SSH server.


[0day] Exim 4.43 stack overflow
Vendor URL: http://www.exim.org
Notes: exploit for published AUTH SPA stack overflow.

[0day] ntpd buffer overflow
Vendor URL: http://www.ntp.org
Notes: remote root for certain configurations of ntpd

[0day] Samba buffer overflow
Vendor URL: http://www.samba.org
Notes: remote exploit for certain configurations of smbd

[0day] Sun ONE ASP buffer overflow
Vendor URL: http://www.sun.com

[0day] Sun ONE ASP arbitrary file retrieval exploit
Vendor URL: 

Denial of service attacks

[0day] FreeBSD/NetBSD/OpenBSD kernel remote DoS
Vendor URL: http://www.freebsd.org, http://www.openbsd.org, http://www.openbsd.org
Notes: remote crash&reboot for certain configurations of *BSD kernel

[0day] fam remote DoS
Vendor URL: http://oss.sgi.com/projects/fam/
Notes: remote crash for certain configurations of fam

[0day] Ipswitch IMail remote DoS
Vendor URL: http://www.ipswitch.com

[0day] Kerio MailServer remote DoS
Vendor URL: http://www.kerio.com
Notes: remote crash in Kerio MailServer

[0day] MDaemon remote DoS
Vendor URL: http://www.altn.com

[0day] LSASS.EXE remote DoS
Vendor URL: http://www.microsoft.com

[0day] MySQL 4.x server remote DoS
Vendor URL: http://www.mysql.com

[Dailydave] VulnDisco Pack for CANVAS v1.1 is available

New remotes in this version:

[0day] Ethereal heap overflow (proof of concept)
[0day] Miranda IM buffer overflow
[0day] MDaemon buffer overflow

[Dailydave] VulnDisco Pack v1.2 for CANVAS is available

New remotes in this version:

[0day] PHP remote DoS
[0day] OpenSSL remote DoS
[0day] NSS heap overflow (proof of concept)

[Dailydave] VulnDisco Pack v1.3 for CANVAS is available

New remote in this version:

[0day] SIMA - Samba remote root

[Dailydave] VulnDisco Sample Pack 1.1

New remotes in this version:

[0day] Ethereal heap overflow
[0day] TCPDUMP DoS
