Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update README.md #38

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update README.md #38

wants to merge 1 commit into from

Conversation

chuckixia
Copy link

I believe that the CVE attribution is incorrect upon spending way too much time trying to attribute this.

Update README.md
c13889e 
I believe that the CVE attribution is incorrect upon spending way too much time trying to attribute this.
@Atavic
Copy link

Atavic commented May 25, 2017

I'm curious about this attribution.

@chuckixia
Copy link
Author

so, here are your trail of breadcrumbs:
earlyshovel is listed as a 'publicly known exploit'

EQGRP/Linux/etc/opscript.txt

Line 9305 in 3381016

### publicly known vulnerability

I went and setup a redhat 7.3 machine and setup sendmail to receive remote connections
Looked at pcap, compared to the pocs available for cve 2003-0694 not the same.
There is no public poc I can seem to find related to 2003-0681

the source for earlyshovel mentions something called crackaddrbuflocation
https://github.com/x0rz/EQGRP/blob/33810162273edda807363237ef7e7c5ece3e4100/Linux/bin/earlyshovel/asprh73.py

crackaddr is not mentioned in either of the poc's or solutions for those two CVE's, but it is mentioned in Mark Dowd's vuln, as seen here:
http://www.securityfocus.com/archive/1/313757
which leads here:
http://www.securityfocus.com/bid/6991/info

and finally to these pocs:

http://www.securityfocus.com/bid/6991/exploit

which if run, bear striking resemblance to the sploit in EarlyShovel.............

so there you go.

@loneicewolf
Copy link

loneicewolf commented Feb 18, 2024
edited

so, here are your trail of breadcrumbs: earlyshovel is listed as a 'publicly known exploit'

EQGRP/Linux/etc/opscript.txt

Line 9305 in 3381016

### publicly known vulnerability

I went and setup a redhat 7.3 machine and setup sendmail to receive remote connections Looked at pcap, compared to the pocs available for cve 2003-0694 not the same. There is no public poc I can seem to find related to 2003-0681

the source for earlyshovel mentions something called crackaddrbuflocation https://github.com/x0rz/EQGRP/blob/33810162273edda807363237ef7e7c5ece3e4100/Linux/bin/earlyshovel/asprh73.py

crackaddr is not mentioned in either of the poc's or solutions for those two CVE's, but it is mentioned in Mark Dowd's vuln, as seen here: http://www.securityfocus.com/archive/1/313757 which leads here: http://www.securityfocus.com/bid/6991/info

and finally to these pocs:

http://www.securityfocus.com/bid/6991/exploit

which if run, bear striking resemblance to the sploit in EarlyShovel.............

so there you go.

thanks for posting this! I didn't see this at all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@chuckixia @Atavic @loneicewolf