New Additions to double the number:
- 12/04/03 – Rsync (credit: David Goldsmith, Matasano)
- 11/20/03 – do_brk() overflow (credit: David Goldsmith, Matasano)
- 11/2/88 – Sendmail (credit: David Goldsmith, Matasano)
- 11/2/88 – Fingerd (credit: David Goldsmith, Matasano)
(These last two were in the Morris Worm. Since I was at The Basic School in Quantico, VA at the time, I don’t have first-hand knowledge here. Some of the resources I reviewed seemed a bit vague on whether these bugs were fairly well-known or not. Please feel free to clarify in comments or via email.)
- 12/29/05 – WMF.
- 3/18/03 – WebDAV. (publicly available information)
- 9/3/98 – SunOS ToolTalk. (credit: TQBF, who never got the beer…)
- 4/24/96 – rpc.statd. (double credit: TQBF – thanks again.)
Honorable Mention (which don’t quite make the list because the vulnerability information was not discovered due to an active exploit):
- RealServer ../../../ overflow
- Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
- Samba bug that HDM got hacked with… [this may get elevated, I am not sure]
- [Credits: Dave Aitel and Anton Chuvakin for the information]
Updated Undercover Exploit List
Well, it looks like the latest Powerpoint exploit gets added to my list of undercover vulnerabilities. That leaves me with the following: New Addition (11 total since 1988): 7/11/06 – Powerpoint 0day (public information) Old List: 12/29/05 – WMF. (publ…