Vulnerability auction site undermined by free exploits

It seems someone out there isn’t too interested in seeing WabiSabiLabi’s vulnerability auctions succeed. On Tuesday evening a member of the Milw0rm forums posted a proof-of-concept exploit for a Linux kernel flaw; WSLabi is trying to sell PoC code for the same vulnerability on its auction site right now, with the bidding currently at 600 Euros. In the introduction to the code on Millw0rm, the author writes: “For free!!! ( worth 600 EUR in zerobay! ).” (WSLabi has quickly acquired the nickname ZeroBay in security circles.)

It’s not clear whether the exploit on Millw0rm works, but then again, it’s free, so you don’t have to pay more than $800 to find out. WSLabi launched its vulnerability auction marketplace to much fanfare late last week, although a number of researchers and security experts have questioned the wisdom and viability of the concept.

Update: Exploit code for a vulnerability in a SquirrelMail GPG plug-in that WSLabi is selling was posted on Millw0rm Wednesday as well. That one is selling for 700 Euros on the auction site.