[bf1942] [BF42] EXPLOIT!

Phillip Marzi webmaster at ravencity.de
Wed Feb 25 20:41:51 EST 2004


No, it is not public yet because the guys who said that they have the 
exploit are not interested in making it public. At least that's what they 
said to me.

The picture shows an HLSW window (server monitoring tool) and a shell with 
some text output of BF server variables.
The last line of the output is a short text which says that the server is 
vulnerable.


I've talked to someone who said he had the code and asked him to 
demonstrate the exploit on my Linux server, but the exploit really did 
nothing, at least on my server, which has the actual BF server version running.

After he noticed that nothing had happened to the server, he told me that it 
only works on Linux servers older than 1.6RC2 or on Windows servers.


Phillip


At 19:53 25.02.2004 -0500, you wrote:
>At 01:38 AM 2/26/2004 +0100, you wrote:
>
>>Smells like a hoax if you ask me.
>>
>>I'd wait with the insertion of code into my binaries and I recommend 
>>everyone else doing the same.
>
>
>I don't know about a hoax but I completely agree with your recommendation. 
>Editing code in a panic on the basis of one email to a list would be 
>unwise. For all we know at this point, the address was spoofed and the 
>edit is the exploit.
>
>I am not suggesting it is, just that anything can happen. That link brings 
>up a 404 page for me and I can't find a word about it on any of the 
>security sites, Google or Yahoo. If it does exist, it is not in the wild yet.
>
>Rick



