Packet Storm new exploits for January, 2003.
05e9bf140090db0cdb886afeb952996de9fc46088acb9fcee3c4fd94972e4c8dCups v1.1.17 and below remote exploit which spawns a shell as lp. Modified version of the original sigcups.c exploit.
5a88fad62d69412d2762fa193f415a3d84cba3182a07cc0ff828178c6b46a28dThe at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files out of the allowed boundary.
a1784e9527e8a56be1b234c7034c3ab545ca36e2fe248fa59675016423982b32PlatinumFTPserver, the server engine that runs as an application on Windows 9x and a service under NT/2K/XP, has a directory traversal vulnerability that allows remote attackers to enter directories that reside outside the bounding FTP root directory. Another vulnerability exists which allows an attacker to commit a DoS against the server. Version affected: 1.0.7. Version Unaffected: 1.0.8.
c7ace983a16f1593ea028a5dac902b90df0c5d6b3660d969f8a1ce3ae3aa446eHypermail 2, a popular tool that converts mails into html, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The overflow in the main program can be overflowed by sending an email while the CGI program can be overflowed by a DNS server being populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.
61a11ef37ef28b1b5d6f5cb454068252442924f04a265874f41380b4830f4637ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
dc98b1acb4120f20825c608246e44cb64ff5010e26e9ed5cbf306e84e6158122Middle2.c allows you to recover SMB password in clear text (from the network) when they should be encrypted. It operates a man in the middle attack with complete traffic redirection which does not need forwarding with transparent proxy. Tested under linux Debian 3.0.
18f22c6992e48334f8c4b0ca6be36741d629ca0678cb948420ade1db050b284eStunnel v3.15 - 3.21 remote format string exploit. Tested against Red Hat 7.2, 7.3, 8.0, Slackware 8.1, Debian GNU 3.0, and Mandrake 9.0. More information on the bug available here.
532b98b86e389878816da8e1e91e5367bcb977b9463a85ff0fd56f7f70b0b4fdPHP 3.0.16 and below remote format string exploit for Linux/x86. Gives a uid=nobody shell. File logging must be enabled for this exploit to work. Includes offset brute forcing and instructions for finding offsets.
f8889150d30826db631280ac6c92c44dad3ef711b843e0bf21d413cdc2f3a9eeTanne v0.6.17 remote root format string exploit for Linux/x86 which has been tested against Redhat 6.1, 7.0, and 8.0. Tanne is a secure http session management tool sometimes used in online banking.
da9f92a56a163886c4fa2c4713b9b1b4479b84cef14ca23a9215b34ebff7284fS8forum GPG remote exploit in java which emulates a shell with the privileges of the web server.
6342a6fd1f38dcf1c43fb0d0655ae621b3266214cdc4e9874d5d0732191bf60bEfstrip is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efstrip is robust, doesn't need a wide range of attack options, and doesn't need brute forcing. It actually ./works.
a0fa492bfaf986c0a0bcba194d566ba90078b5c1cf124df1293a16b9fb3336b6The S8forum v3.0 allows remote users to execute commands on the webserver. Includes exploit instructions and patch included.
30057e99c24735c79779fce73a458ca76ecbcde0426e92f90b9db9f2e1b9e561Cups v1.1.17 and below remote exploit which spawns a shell as lp. Tested against Gentoo Linux with cups-1.1.17_pre20021025 installed.
fd6664e13f9fdddcf6bf6c5f5bab39ed00c719fa6c0d965f76c0958998152656Mysqlsuite includes three tools which take advantage of the vulnerability in check_scramble() function of mysql described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid mysql user and pass. Mysqlgetusers allows you do a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable linux mysql servers with a valid mysql login and pass and writable database. Fixed in Mysql v3.23.54.
5c2113bbb28fb3db28e5790a86c03b3c83871154d3a6e756b9d3bbcc18b27f48Smart Search CGI remote exploit in perl which attempts to spawn netcat listening with a shell.
041548a5386dcb8a831010770b868c0816b690100bcfde2bdb33e64959bd23d6Crashms exploits the microsoft-ds bug and crashes windows machines via tcp port 445. Sends many 10k blocks of NULLs, causing blue screens on unpatched Windows 2000 boxes with microsoft-ds running on port 445.
76d264a71d11fe7e7cc4f6e42545ed890402ae980da59da4b8a1a8cce3ad3211
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed