Published: 15/03/2002 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 766
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The dbm and shm session cache code in mod_ssl prior to 2.8.7-1.3.23, and Apache-SSL prior to 1.3.22+1.46, does not properly initialize memory when serializing sessions with the i2d_SSL_SESSION function. This allows remote malicious users to trigger a buffer overflow and execute arbitrary code by presenting a large client certificate, signed by a trusted Certificate Authority (CA), that produces a serialized session larger than the fixed-size cache buffer.

Vendor Advisories

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl. With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server must be configured to require client certificates, an ...


/* E-DB Note: Updating OpenFuck Exploit ~ paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ * OF version r00t VERY PRIV8 spabam * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto * objdump -R /usr/sbin/httpd|grep free to get more targets * #hackarena irc.brasnet.org */ #include <arpa/inet.h> #include <netinet ...
/* source: www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability to execute arbitrary code as the vulnerable server ...
/* OF version r00t VERY PRIV8 spabam * Version: v3.0.4 * Requirements: libssl-dev * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto * objdump -R /usr/sbin/httpd|grep free to get more targets * #hackarena irc.brasnet.org * Note: if required, host ptrace and replace wget target */ #include <arpa/inet.h> #include <netinet/in.h ...

GitHub Repositories

Recon: Using the netdiscover tool, the IP address 192.168.1.138 of the kioptrix virtual machine was identified. root@kali:~# netdiscover -i eth0 -r 192.168.1.0/24 Currently scanning: Finished! | Screen View: Unique Hosts 100 Captured ARP Req/Rep packets, from 18 hosts Total size: 6000

Public exploits and modifications

Exploits: public exploits and modifications. CVE-2002-0082 Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (fixes compilation errors); CVE-2009-3103 Remote Code Execution via "SMBv2 Negotiation Vulnerability" (fixes compilation errors); CVE-2017-0143 aka MS17-010 Remote Code Execution vulnerability in Microsoft SMBv1 (fixes compilation errors); CVE-2003-

Writeups for vulnerable machines.

ReadMe Contents: Methodology (Phase 0: Recon, Phase 1: Enumerate, Phase 2: Exploit, Phase 3: PrivEsc), Stats (Counts, Top Categories, Top Ports/Protocols/Services, Top TTPs Mapping), Machines, TTPs (Enumerate, Exploit, PrivEsc), Tips, Tools, Loot (Credentials, Hashes). Methodology, Phase #0: Recon. Goal: to scan all ports on <targetip&