Packet Storm new exploits for April, 2001.
1ee99a479d4700f9ed4ba3fc1f4a5c8f7734614567248a0d84cc0031c6ff919fNovell Border Manager Enterprise Edition 3.5 remote denial of service attack. Sends 256+ SYN's to TCP port 353.
151fcdb66c1879a5f063dde6c0d4e7a4d0ebc3ae5887d7c236aae3bc6b13e312Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server.
ac36f5c4f40ea379968ee64d982cb79cad04d53d8808bf71cd2833ea937ccc41The Unix versions of the PerlCal CGI script have vulnerabilities which allow website visitors to view any file on the webserver. Exploit URL included.
6008fabe1a329e1cad455aa8c84eeb5e7a5393d69a639699c592aa9613882bafIrix Netprint local root exploit. Exploits netprint's -n option. Tested on IRIX 6.2, but should work on other versions.
e1b15bb0206ea96a407bd99676b571620fc56bbe407ca2fe157fa97b328c6b5bA bug in FTP server v0.25 for Windows 9x/NT has a bug which allows remote users to download and view any file on the system.
910a99610a7baee20dce791605ca8060728ec4d8313637c82ca433e38c3120c8Hylafax (/usr/libexec/fax/hfaxd) format string local root exploit. Tested on hylafax-4.0pl2-2.
27326b522b9dab8a30cd201131238bab6559ce649d75129f48fd4a1556aa0ffeIIS Unicode graphical exploit for Windows. This is an updated version of Unisploit1.0-FireLust which has more cool stuff.
7001b497fb792bdfb74ef2a47fefe2e51fb5b4b9c317143fd9521347b0356319Securax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit.
2d2c1f7da07480b818ba73c4939a20bb83cb1d28705c9d63c332c2c8acb5f5feSecurax / Hexyn Security Advisory #18 - Savant WWW Server is an HTTP server for Windows 9x/NT. A bug allows any user to change to any directory, and in most cases, execute MS-DOS commands.
6f737629eeb7c998b7477e842ffe7e837b20a277e54d231e927e0c33aa58dc9bSecurax / Hexyn Security Advisory #17 - Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to any directory.
51cbeefe5885ffa571c47f49a694aff56ebe3391b705e2d1ab287c0dd17fcb5aSecurax / Hexyn Security Advisory #16 - G6 FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to c:\ and sub directories.
43d9198ebb5fa6616439c99764fe5b23245afb02e05b085d7cf0550c2d427b77Securax / Hexyn Security Advisory #15 - G6 FTP Server is a popular FTP server for Windows 9x/NT. A bug allows any user to change to the directory G6 was installed in. Due to good programming, the only way to exploit this bug is by viewing the full installation path. Downloading the user-file (Users.ini) is impossible.
8f913b2f91d2258ffaa0aeccb96c5ccf8854a601e46af43354cba4bda021b2e3TalkBack.cgi directory traversal remote exploit.
396c1d51895015c18e8733df3f237702266c9de2fd99fca89addccdee7fc09e6Cfingerd prior to v1.4.2 remote root format string exploit. Includes information on finding offsets. Tested against Debian cfingerd v1.3.2, 1.4.0, 1.4.1, and RedHat 7.0 cfingerd 1.3.2.
27d6d03e401bbc5d64121d7bf098b55babef4798dff575768d01cd2abac1b648Unidebug is another exploit for the begging-to-get-patched IIS unicode bug. Takes advantage of the DOS/Win debug.exe to create binary files on the remote site.
8e17e7b0f8c5238e4b25523275f6838f53fb410606405d67218f8f95d39afcd6Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not typical exploit itself, it may be used in other exploits especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box you are vulnerable.
c7fe5497623b82391c2f6f8c4e0d6f0cddd8405282c73ba789be9d2a1a709bdcRemoving the SUID bit from xlock causes enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, creating a blank .xlockrc, causing enter to be a valid password.
7a3fc00fea0ff0994ae858e317eefc68874f30058a8c8af694cc82126a795089Fancylogin 0.99.7 buffer overflow exploit. Fancylogin is usually not +s so this exploit isn't that dangerous. Tested on debian potato and kernel 2.2.18 and 2.2.19.
29d03dc71d859bbe4e1a2875ecdcaa1d77c2adb10f17069da1e18b83a08771c0Security flaw in Linux 2.4 IPTables using FTP PORT - If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewalls rules, including the firewall itself. Advisory available here.
ae3602a2f75b24ef995eb290537dc514837d292b96235e884dbb43f17d8b9bccFreeBSD-4.2-Stable ftpd GLOB remote root exploit in perl. This version requires user access and writeable home dir without chroot.
d9d003dd6fbf397662aaadea0cda37b79f4f487bbe81f0f4dca4c6995f5cb632Denial of Service in Microsoft ISA server v1.0 - Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted. Exploit URL's included.
9d02d2508ec99a83764ebc8949250bbaa3f6a7f94d64565ec9d94e4721d64d5dOpenBSD 2.x remote root GLOB exploit w/ chroot break. It is possible to exploit an anonymous ftp without write permission under certain circumstances. This is most likely to succeed if there is a single directory somewhere with more than 16 characters in its name. With write permissions, one could easily create such a directory.
5e2903fcb27602a8d106b23765838518455a5fb29fed0495120e4cdf16853274Georgi Guninski security advisory #42, 2001 - By double clicking from Window Explorer or Internet Explorer on filenames with innocent extensions the user may be tricked to execute arbitrary programs. If the file extension has a certain CLSID, then Windows explorer and IE do not show the CLSID and only the harmless looking extension. Demonstration available here.
4343d6e471cf14bde5baebc0d0bf30f0bf01a8f1220ae414f85aef130a942a42FreeBSD v4.2 ftpd remote root exploit. Uses a GLOB vulnerability. Requires an account on the machine. Compiles on FreeBSD, Linux, and Solaris. Includes information on finding offsets.
540b154821aa64ba0fdf0fbba86a254d332881eacb9247606a8b7fde62483b1e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed