Well, it looks like the latest Powerpoint exploit gets added to my list of "undercover vulnerabilities." That leaves me with the following:
New Addition (11 total since 1988):
- 7/11/06 – Powerpoint "0day" (public information)
- 12/29/05 – WMF. (public information)
- 2/7/05 – Mailman directory traversal. (credit: ilja van Sprundel)
- 11/16/04 – Twikis search.pm. (credit: ilja van Sprundel)
- 12/04/03 – Rsync. (credit: David Goldsmith, Matasano)
- 11/20/03 – do_brk() overflow. (credit: David Goldsmith, Matasano)
- 3/18/03 – WebDAV. (publicly available information)
- 9/3/98 – SunOS ToolTalk. (credit: TQBF, who never got the beer…)
- 4/24/96 – rpc.statd. (double credit: TQBF – thanks again.)
- 11/2/88 – Sendmail (credit: David Goldsmith, Matasano)
- 11/2/88 – Fingerd (credit: David Goldsmith, Matasano)
Honorable Mention (which don’t quite make the list because the vulnerability information was not discovered due to an active exploit):
- RealServer ../../../ overflow
- Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
- Samba bug that HDM got hacked with… [this may get elevated, I am not sure]
- [Credits: Dave Aitel and Anton Chuvakin for the information]
On “Zero Day” Exploits
Just wanted to bring this one to the attention of my readers: Pete Lindstrom maintains this list of public “zero-day” situations from “olde times” to now. Spire Security Viewpoint: Updated Undercover Exploit List If you know of anybody who was…
Updated Undercover Exploit List
Latest Addition (12 total since 1988): 2/4/05: Minix FTP Vulnerability (credit: Ilja van Sprundel, confirmed by Al Woodhull) Old List: 7/11/06 – Powerpoint 0day. (public information) 12/29/05 – WMF. (public information) 2/7/05 – Mailman directory trave…