On the plus side: included in the tar ball is a scanner to determine if (a|your) web server is vulnerable. You should, at least, compile that one and test your servers.
- The exploit is targeted at various OpenSSL versions hosted on various Linux distributions
- The exploit comes with 22 precalculated offsets for those versions
- The README file has a basic explanation of how the exploit works.
- The shell obtained works nicely though it takes some getting "used to" as there are no environment variables attached to the shell. (more doesn't work, vi doesn't work, etc.)
- The entire session is clear-text so it might be detected/hijacked with the proper tools (something to look at?). (How about a Snort sig?)
Note: Since I wrote this last weekend, I've found a derivative of OpenSSL-Uzi called OpenFuck and a second version of it. Each are based on Uzi's code but include the offsets for a lot more distributions (and not only Linux!)
Anyone have anything to add?