CORE Security Advisory CORE-2003-0307 - A remotely exploitable heap overflow vulnerability has been found in the Snort stream4 preprocessor module which allows remote code execution if a Snort sensor picks up an exploit packet. Vulnerable versions include Snort 2.0 versions prior to RC1, Snort 1.9.x, 1.8.x, and IDSs with Snort embedded. Includes information on exploitation using hping.
dfed14afc923672fedae803a8b7cc07e21bc0d52931be34ba0d08d9c33e81c92
CORE Security Advisory CORE-20020528 - Remotely exploitable buffer overflows and authentication bypass bugs were found on the Linksys BEFW11S4 Wireless router and other devices. Tested against Linksys BEFW11S4, BEFSR41, BEFSR11, BEFSRU31, BEFSR81, BEFN2PS4, and BEFVP41. Includes exploit information.
1b1c0be0a7f7d1da1fdec59acc0f6affc05ddea2d39f38d573b76c54accf1c30
CORE Security Advisory CORE-20020528 - CORE SDI found two serious remote vulnerabilities in systems running CDE ToolTalk (rpc.ttdbserverd). The first vulnerability allows remote attackers to delete arbitrary files, cause a denial of service, or possibly execute arbitrary code or commands. The second vulnerability allows local attackers to overwrite arbitrary files with contents of the attacker's choice.
75504d1c72ac1b9946b79d6ddf007725e904b7ac631f6419d6c49bad30d4a5d3
CORE Security Advisory CORE-20011001 - Another globbing problem has been discovered in Wu-FTPD, allowing a remote user to execute arbitrary code. Affected versions include: all Wu-FTPD versions through 2.6.1, Wu-FTPD 2.7.0 snapshots, and FTP server programs derived from Wu-FTPD.
b2af010437f4826bb1eed002d7911ab9a56a1c96980ee85e3944582ce2cdbcf9
CORE SDI Security Advisory CORE-20010207 - SSH1 CRC-32 compensation attack detector vulnerability. In 1998 a design flaw was fixed in SSH1 which allowed an attacker to inject malicious packets into an SSH session. In fixing this bug, a new vulnerability in deattack.c was created which allows remote attackers to execute arbitrary commands on the server. OpenSSH prior to v2.3.0 is vulnerable, as are ssh.com's ssh-1.2.24 through 1.2.31, and F-Secure SSH-1.3.x.
fdc00415fdba450c4d5644f7ad33db0ce3a7dd4e86d112d5602ed9d33c296ded
CORE SDI Security Advisory CORE-20010116 - SSH protocol 1.5 session key recovery vulnerability. An attacker who obtains all the encrypted packets of a session can obtain the session key and decrypt the stored session, or even alter it if it is still active. Some SSH2 servers which fall back to SSH1 are also vulnerable. OpenSSH and SSH2 from ssh.com are not vulnerable.
a78ea5475621a69079002d160cd0ae72cd81f9445059bac41af7e7560de10a54
Core-SDI Advisory CORE-20001116 - A memory contents disclosure vulnerability was found on RealNetworks RealServer which will give out information about the server configuration, runtime memory data and tokens and authentication credentials. This information allows an external attacker to possibly obtain administrative access to the server or to data belonging to other user sessions. Fix available here.
c2d5b9a6f8bb847c26085737a31823a5af9c5e39178425d25ff41f683ab6f4fe
Core SDI Advisory CORE-20001026 - Netscape iPlanet webserver contains a directory traversal vulnerability and the administrator password is stored in clear text.
300fb8de9aa07985bdbd7012195021afed7dec5be63cb0b052c0a0dcd55162b7
Core SDI Advisory CORE-20001023 - The "MySQL Database Engine" uses an authentication scheme designed to prevent the flow of plaintext passwords over the network and the storage of them in plaintext. For that purpose a challenge-response mechanism for authentication has been implemented on all versions of MySQL. The authentication mechanism is not cryptographically strong. Each time a user executes this mechanism, information allowing an attacker to recover this user's password is leaked. Fix available here.
0da0ee191f40700e2b923a6e12d334f1e0e930fd9cb2f89a2bfd92adeafda30e
CORE SDI Security Advisory - SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could allow any remote attacker to execute arbitrary code on the vulnerable machine with privileges of user "nobody".
f680f55bfc32747ee179bacde9f8d0a084560d975d1acee0c089638742207f41
Core SDI Vulnerability Report For BEA Weblogic's Proxy - BEA's Weblogic server contains several buffer overflows which allow a remote attacker to execute arbitrary code on the system running the proxying web server as root on Unix and as system on NT.
adc8dd33a9472b5d880597828e25334cbf516288499f6f81d3fb6a22f2279f5d
CORE SDI Security Advisory - NAI Net Tools PKI Server vulnerabilities. While investigating the exploitability of a buffer overflow in the Net Tools PKI Server from Network Associates Inc. we discovered three new vulnerabilities not fixed by hotfix 1, including buffer overflows and format bugs which allow remote attackers to execute arbitrary code. Perl proof of concept exploit included.
851d469fd06907ffafd8c19e1da95cdb05443f7df3e7b6b1b7fd894c41df184f
Core/SDI discovered a second buffer overflow in the implementation of the RSA algorithm in RSAREF2 from RSA Data Security. This advisory addresses the details of the bug discovered; the details are somewhat focused on the ability to exploit the bug in SSH compiled with RSAREF2, but it's extensible to any software product that uses RSAREF2.
527168062ffc62dfc807ebe43c1e9bb63bab56ab4c45d4ed0623b4acd4bf4dcc
bind.zip
f17e488c0c801621ecd63b74af7e652186700c4ee248b28f4257f6c42f322d1a
core-sdi-04.ssh.insertion
5625eb1cba7829529def286acddcd302a0c191ff43d26442a0350d9e787e74ce
SunNIS+.zip
aca03b5313ee1857f64e68fec78e5cc0390e1f9b12511ff60beb0b204f54f607