Updated Undercover Exploit List

Well, it looks like the latest Powerpoint exploit gets added to my list of "undercover vulnerabilities." That leaves me with the following:

New Addition (11 total since 1988):

Old List:

  • 12/29/05 – WMF. (public information)
  • 2/7/05 – Mailman directory traversal. (credit: ilja van Sprundel)
  • 11/16/04 – Twikis search.pm. (credit: ilja van Sprundel)
  • 12/04/03 – Rsync. (credit: David Goldsmith, Matasano)
  • 11/20/03 – do_brk() overflow. (credit: David Goldsmith, Matasano)
  • 3/18/03 – WebDAV. (publicly available information)
  • 9/3/98 – SunOS ToolTalk. (credit: TQBF, who never got the beer…)
  • 4/24/96 – rpc.statd. (double credit: TQBF – thanks again.)
  • 11/2/88 – Sendmail (credit: David Goldsmith, Matasano)
  • 11/2/88 – Fingerd (credit: David Goldsmith, Matasano)

Honorable Mention (which don’t quite make the list because the vulnerability information was not discovered due to an active exploit):

  • RealServer ../../../ overflow
  • Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
  • Samba bug that HDM got hacked with… [this may get elevated, I am not sure]
  • [Credits: Dave Aitel and Anton Chuvakin for the information]

2 comments for “Updated Undercover Exploit List

  1. July 23, 2006 at 9:57 pm

    On “Zero Day” Exploits

    Just wanted to bring this one to the attention of my readers: Pete Lindstrom maintains this list of public “zero-day” situations from “olde times” to now. Spire Security Viewpoint: Updated Undercover Exploit List If you know of anybody who was…

  2. July 27, 2006 at 3:58 pm

    Updated Undercover Exploit List

    Latest Addition (12 total since 1988): 2/4/05: Minix FTP Vulnerability (credit: Ilja van Sprundel, confirmed by Al Woodhull) Old List: 7/11/06 – Powerpoint 0day. (public information) 12/29/05 – WMF. (public information) 2/7/05 – Mailman directory trave…

Comments are closed.