Packet Storm new exploits for July, 2003.
Half-Life client versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) remote exploit that poses as a server and overwrites the stored return address but does not attempt any command execution.
Half-Life server versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) remote exploit that will cause a denial of service.
lockdev 1.0.0 local exploit that escalates privileges to group lock. Tested against RedHat 7.3, 8.0, and 9.0.
DCOM remote exploit utilizing the issue discussed here. Covers Microsoft Windows NT SP6/6a (cn), as well as Windows 2000 SP0-4 (cn) SP0-2 (jp) SP0-2,4 (kr) SP0-1 (mx) SP3-4 (Big 5) SP0-4 (english) SP0 Server (english), and Windows XP SP0-1 (english) SP1 (cn) SP0-1 (Big 5). Modified by sbaa.
Version two of this paper discussing more shatter attacks that are possible using SEH memory locations to escalate privileges in Windows. Exploit code included. Related information available here.
Apache 1.3.x using the mod_mylo module version 0.2.1 and below is vulnerable to a buffer overflow. The mod_mylo module is designed to log HTTP requests to a MySQL database and insufficient bounds checking in mylo_log() allows a remote attacker to gain full webserver uid access. Remote exploit for SuSE 8.1 Linux with Apache 1.3.27, RedHat 7.2/7.3 Linux with Apache 1.3.20, and FreeBSD 4.8 with Apache 1.3.27 included.
A demonstration of ELF relocation.
Thorough analysis of the buffer overrun in the Windows RPC interface that was discovered by the Last Stage of Delirium. Exploit included for Windows 2000 SP4 Chinese version.
Remote root exploit for Samba 2.2.7a and below using reply_nttrans(). Written for the Linux x86 platform.
Windows port of the remote exploit utilizing the DCOM RPC overflow originally coded by H D Moore.
Remote exploit utilizing the DCOM RPC overflow discovered by LSD. Includes targets for Windows 2000 and XP. Binds a shell on port 4444.
An interesting bug in the Mitel Voice Over IP system that allows an attacker to discover phone numbers calling through the DHCP server.
PHP-G
Remote denial of service exploit making use of the vulnerability found in DCOM under Windows.
Remote exploit for miniSQL version 1.3 and below that escalates privileges to the root gid.
Remote buffer overflow denial of service exploit for the Netware Enterprise CGI2PERL.NLM.
Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow.
Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x using hping.
Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x.
Proof of concept local exploit for gnats version 3.113.1_6 tested on FreeBSD 5.0. If successful, escalates privileges to gnats.
Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow. Includes both Linux and FreeBSD targets.
Remote exploit that will cause a denial of service against Cisco routers and switches. Warning: Broken.
Zone-H Security Advisory ZH2003-11SA - Elite News version 1.0.0.0-1.0.0.3 Beta allows direct access to various system files, which lets an attacker retrieve the administrator login name and then use that name on another page to set a cookie. A third page references that cookie and allows the attacker to post as the administrator.
The Splatt Forum engine allows HTML code insertion via the post icon form input.