x0rz / EQGRP

Decrypted content of eqgrp-auction-file.tar.xz

additional info from the Twitters #16

Open attritionorg opened 7 years ago

attritionorg commented 7 years ago

Not sure if you want to integrate the following, how you want to credit, etc. So opening a ticket instead of a PR.

https://twitter.com/RevBits/status/851083571506929670 Our early analysis: "esna" is a 0day RCE for iPlanet Messaging Server. Have hardcoded offsets for different versions

https://twitter.com/juliocesarfort/status/850755910322532353 up/extinctspinach seems to be exploiting this vulnerability from 2001 in Chili!Soft: https://lwn.net/2001/0222/a/sec-chilisoft.php3

https://twitter.com/buherator/status/851170464466653185 estopmoonlit is a Linux kernel exploit

https://twitter.com/buherator/status/851169307060994048 estesfox is a logwatch race condition privesc, probably CVE-2002-0162 http://www.securityfocus.com/bid/4374 (possible bug collision?)

https://twitter.com/buherator/status/851173226088730625 evolvingstrategy seems to exploit a basic SUID command injection in /var/emdg/sbin/iptaction - any ideas what this SW is?

https://twitter.com/buherator/status/851174712965312512 ./Linux/bin/EE is a remote post-auth proftpd 1.2.8 exploit

https://twitter.com/buherator/status/851176013103026176 ESCROWUPGRADE seems like this Solaris cachefsd exploit by LSD - copyright notice removed :P https://www.exploit-db.com/exploits/21437/

https://twitter.com/GlassKeys/status/850780470682030081 xmlrpc.php used in Drupal, b2evolution, TikiWiki

https://twitter.com/buherator/status/850710836259815424 Based on strings EXACTCHANGE looks like a kernel exploit

https://twitter.com/juliocesarfort/status/850753804790312968 /Linux/bin/apache-ssl-linux seems to be a variant of openssl-too-open.c SSL2 KEY_ARG overflow - maybe OpenFuckv2?

https://twitter.com/adriaan92/status/850746329575948289 ELECTRICSLIDE: "Heap Overflow in squid 2.5.STABLE1-2 redhat 9.0" #shadowbrokers

https://twitter.com/RevBits/status/851077319485784064 Our early analysis: sneer is a 0day remote root exploit for SunOS snmp agent, mibissa. Uses UDP. ~takes 4:04 mins

https://twitter.com/hackerfantastic/status/850797960652890112 dw.linux - this looks like a previously unknown one (0day?), RPC dmispd exploit for Solaris 6 / 7 / 8

NoahGWood commented 7 years ago

I've tested apache-ssl-linux_v1,2,3 on OpenSSL 1.0.2g-1ubuntu4.6; whatever vulnerability they were exploiting has been patched.

x0rz commented 7 years ago

You can open a PR with the following information - it's community based anyway (I didn't check all of them)