Packet Storm new exploits for March, 2001.
cae3d0f36a25e813a0f839c9249a6484dc2ecb7de9f567b52d0cb991f80dec30
Georgi Guninski security advisory #40 - Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000. If a malicious web page is browsed with IE, it is possible to list the directories of arbitrary IIS 5.0 servers to which the browsing user has access. Under certain circumstances it is also possible to read the user's email or folders if they are stored on an Exchange 2000 server with web storage (it uses IIS 5.0). It is also possible to create (or probably modify) files on the Exchange 2000 server with web storage. Example exploit included.
205a751214009b7efd4735ff3f131ee63a782759f29f253d522602889ff54916
ASPSeek by SWSoft allows remote users to view any file on the webserver via a /../ bug.
2c9c13f9ddeafd7f77286ec885d5a0c1c90811b41c5ed7a4739c36827378aed7
Remote buffer overflow exploit for ASPSeek by SWSoft. Tested against Aspseek v1.0.3 running on Red Hat 6.2.
40271d0a0a1c672f23d3696e35a8917d11de100ed2ed1f211f17056c48582a15
Manhole.c is a local exploit for man. Bypasses non-executable stack patches. Tested against Slackware 7.1, Debian 2.2, SuSE Linux 6.3, 6.4, and 7.0.
b32fee5b8f0541b923bba863ebc9590b72a8761937384914e6a9a4755ba32d11
IIS 5.0 / Windows 2000 WebDAV remote denial of service exploit - Sends a specially crafted request, as described in MS01-016.
025cc976603fe7243eaee030053fb6e90d63847d20684126b98f538d5ccadbca
Named v8.2.x remote root exploit - Uses the tsig bug. Only includes Linux shellcode.
d5e607468e5db97a21778c60ad95951a67c88c8da40feb92ff587708b01bae99
This code exploits a bug in the glob() function used in some ftpds (like proftpd, netbsd ftpd, iis ftpd). It sends an 'ls' command which will take up about 100% of a system's memory, creating a very effective DoS.
7f1cdb3862da20f5231d975f2a3cbd7fb8960b8beeaf13ca49ae65058f1a1479
ftpsed.pl is a Perl script which exploits a denial of service vulnerability in Proftpd v1.2 and below. Requires a username and password.
697c7292c32b0c1b43a2055599df28cd1aac80583e074fdfabc4a4b2853e3725
Joe 2.8 local exploit - Requires sysadmin intervention. Tested on FreeBSD 4.2-Release.
f9e4feab1aeef09555b1b33372679785c883b5a1fe388035f561b68cdbce1373
Suq Diq v1.00 is a remote exploit for IBM Net.Commerce, WebSphere and possibly other IBM and Lotus applications as well. These products use Triple DES with a fixed key by default, allowing remote users to gain the usernames and plaintext passwords of all Net.Commerce accounts. Exploit URLs included.
456ddf7f21b031b28f2dde450649305feb794560bd860f5ff50870ac332465dc
OpenSSH-2.2.0 remote exploit - Includes a wrapper to brute force the offset.
69c2cf51173e0fc8e778c6301220d383a260b74f3973fc7a977063b57e64b674
Local exploit for /usr/X11R6/bin/ascdc v0.3-2-i386 which overflows the -c switch.
369413df47f94becaec9f4e8410f671ac2ad5558dfd1fab00aa597cde7c8de5d
Ssh-brute.sh brute force guesses root's password without being logged. See CLABS200101 for more information.
34a2ea4480def21b403c2fd9c6919e2668f38694db9dcdf4b311ad50c963ce9f
Imapd v12.264 remote exploit for Red Hat - Exploits an overflow in the LSUB command, which requires an account. Tested on Red Hat 5.1, 5.2, 6.0, 6.1, and 6.2 with IMAP4rev1 v10.223, v11.241, v12.250, and v12.264.
1542948361aa96f2782cdf5b46132faf343b4b47b03acc2ca5766e95cbac1002
SFGate v5.1 p11 discloses sensitive information by allowing one to view a few lines of text from a file via an error message. Exploit URL included.
23b5c6dbb7d9d41d0c055527d9384a23aad5711aa8f39bede3e03ed4ad3d3715
PHP-Nuke v4.4.1a contains remote vulnerabilities because arbitrary information can be passed to MySQL via the saveuser() function and several others. It's possible for the attacker to change the e-mail address of one of the users and ask for the password to be sent to the e-mail address that the attacker has provided. Exploit URL included.
f3655876593a5a07c6c44ecd5198383aba17f78fc2b0cb266d390629ca65c07b
FreeBSD 3.5.1 and 4.2 ja-elvis and ko-helvis (ports packages) local root exploit. Both come with a utility called elvrec that is installed suid root by default.
7c88100f599842056224afe39698572f91d9ba0b60da1ce3bee4d4c02ae4b7e3
A quick fix against RFP2101 - PHP-Nuke v4.4 and below allows users to steal accounts via SQL hacking.
639d6d1811b57d832ff7d2af027ae6435b390d7af484799883c2ef25deafedf7