Packet Storm new exploits for April, 2000.
c99c256ff819c4f91780a7fd9543561a63cf4ac7107e11f7e6f8b3b06263b4d3How AustNet's Virtual World was hacked to reveal users real IP. Slightly crippled demonstration code included. Lots of information on the austnet hack available here.
5a260b843fcd9e1fd0707a0d24a5d72030775f0f92e845feabd7e5f747913330Smart FTP v0.2 Beta denial of service.
7e53b450c8cd258654a90a3b865dcd89ba6cc7dc9badc0a0181198ea984c848ffgets() is unsafely used in qpopper version 2.53.
77180eb67bc49fa8972f894996d0a0752c4976f7670f14e763a26beb0508488fMeeting Maker is a networked calendaring/scheduling software package that's estimated to be installed on over 700,000 desktops. Clients send passwords to a Meeting Maker server encoded using a polyalphabetic substitution cipher. Included perl script will decode passwords sent over the net.
67154248285eff4f8f035d665daa2b567210290fe6363e5a280227c4204c28b5/usr/bin/lpset vulnerability in Solaris/SPARC 2.7.
738aaad04aff586acc9e1ba9f31af8433e25ab9c588436f502730bdb49b2452aredhat 6.1 /usr/bin/man exploit.
a500d368a3d864005964651a7bdc495be0ca96fa5760a567eb02ee98dd14c8e6Solaris 2.7 /usr/bin/lp local exploit, i386.
9bc5fca1cc87abb07be6db3401607d3a358e4c4094233f749f43579bcc03bce7xsun2.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.
24ed4a994f23f97bc9fed03f609685836e2cbacf45625145eee480f32fadd9b6/usr/bin/lpset local root exploit for sparc.
d78747e93cc1e62a2498b1d8476bbc5f83b029adb59fc71da4f8e40156e912bbimwheel local root exploit (as discussed in RHSA-2000:016-02).
c9ef8294aec65f46d63ce7f67c062e2ee9fa22a942d8fbaa5505c062851c439dVulnerability found in cgi DNEWSWEB used for reading news groups from web. Its possible to overflow stack and read any file from remote host with web server rights. All versions and for all OSes exploitable. Example of reading file /etc/passwd for Linux included. Fixed in dnews 5.4c1, available here.
80c493b4fa962aa14ae596c3448a43d15955031505446513fe804663d836d3dedig v2.2 local buffer overflow exploit for x86 linux. Note that dig isn't suid/sgid on some platforms, yet on some it is.
9558bb85b9f1f940cb13b09af0c0a312ede194c6966ff6a071a7358a79f49ff1imapd IMAP4rev1 v10.205 remote root exploit, solaris x86. Exploits the AUTHENTICATE overflow, yielding a remote root shell.
60090c36ac8c823cce06c3173af240ef94222db30faac4df5e3b13de2c7a547brpc.nisd remote root overflow, solaris 2.4 x86. Solaris 2.5.0 and 2.5.1 work with different offset.
e7bdfe8a6620ff1c89a033090f13a3a320060779e65b74fd857bbb8857d3f829/usr/bin/lpset local root stack overflow for Solaris 7, x86.
a475a736a78b2988273182e46297cb031078a395224c65cf9e12a7ddf3c792fbxsun.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.
8af8334ae766a801bf8d4fc9e432e34370f3f1ad1621d0fed7d083f188ac984fFreeBSD mtr-0.41 local root exploit.
8fb8c8be26e6cdcb84cb5bb42887b0e84ec53f58ef96682bfc2e84d893e90fd4LCDproc is a system to display system information and other data on an LCD display which uses client / server communication. The server is vulnerable to remote buffer overflow allowing an attacker to remotely execute arbitrary code or cause the LCDproc server to crash. Patch available here.
14eb38e3f0574a9702bdc7ae0cfe610a25f981b43a50cbfb49142d570cf2b5a2Windowmaker 0.62.0 buffer overflow exploit - Although wmaker is not suid by default, this code will overflow the $DISPLAY environment variable.
b98763e09a49cfb34054e919d503acf4584f861224878015ea7919bd5bb66904Microsoft Frontpage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) comes by default and has three vulnerabilities. The full path to the root directory is revealed, a buffer overflow was found - remote code execution may be possable, and files on the server may be accessed.
b0db99f7c34bff25675016b7d686dc44f9d1f5c8eb5ad9df8136433793fbd28aNovell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
daeeaaf07bbd7be2d103ab1cd49ffde2eb56484860d53f34ddeeccce4add2867RUS-CERT Advisory 200004-01: GNU Emacs 20 - Several vulnerabilities were discovered in all Emacs versions up to 20.6, including allowing unprivileged local users to eavesdrop the communication between Emacs and its subprocesses, Emacs Lisp tempfile problems, and the history of recently typed keys may expose passwords. The following systems were tested vulnerable: Linux, FreeBSD (and probably other *BSD variants), HP-UX 10.x, 11.00, and AIX 4. Solaris and DG/UX are unaffected.
fe08f79241b1678c1e36b5f1440264f0c9a684e418e8196b305527daa89884beBindView RAZOR Team Analysis of DVWSSR.DLL - The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough that system administrators responsible for NT systems to investigate. The risks involve whether or not a certain DLL is loaded, how rights are set, and potentially how Front Page 98 is used.
8ae1ac958cdd839a071092f69cb028444e52101f3979ebfa78fac418bae535d2Panda Security 3.0 for Windows 95 and 98 can be bypassed. Panda Security 3.0 is vulnerable to indirect registry key modifications, which allow Panda Security keys to be manipulated by any logged-on user. Because of a lack in system integrity checks, the entire software package could be uninstalled by a user. This zipfile contains demonstration exploit code.
4b4ab65d6eacf95103362259811926559f9117aa0fb5e6e59d149556106746a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed