[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IPS] PUTTY SSH-Client Exploit

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [IPS] PUTTY SSH-Client Exploit
From: Daniel Alcántara de la Hoz <seguridad@xxxxxxxxxxxxxx>
Date: Sat, 28 Dec 2002 15:51:46 -0000
Delivered-to: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-to: moderator for bugtraq@xxxxxxxxxxxxxxxxx
Delivery-date: Sat, 28 Dec 2002 20:22:28 +0100
Envelope-to: bugtraq@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-----------------------------------------------------------
I-PROYECTOS  Division Seguridad (Security Research)
-----------------------------------------------------------
   2003 seguridad@xxxxxxxxxxxxxx

   Proof of concept code / Exploit
-----------------------------------------------------------
 
 In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.
 
 It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.
 
 This is intented for educational/testing purposes.
 
 -----------------------------------------------------------
Developed by:
             Rand ( jcamilleri@xxxxxxx )
             Dani ( dani@xxxxxxxxxxxxxx )

Attachment: IP-putty.c
Description: Binary data

Prev by Date: GLSA: cyrus-sasl
Next by Date: PHRACK #60 HAS BEEN RELEASED
Previous by thread: GLSA: cyrus-sasl
Next by thread: PHRACK #60 HAS BEEN RELEASED
Index(es):
- Date
- Thread