Twenty Year Anniversary
Showing 1 - 14 of 14 RSS Feed

Files from David Goldsmith

Email addressdaveg at
First Active2000-02-02
Last Active2004-07-14
Atstake Security Advisory 04-07-13.1
Posted Jul 14, 2004
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.

tags | advisory, overflow, local, php, vulnerability
MD5 | 46a6d79962855470a1303bb27c4b5f7c
Atstake Security Advisory 04-05-03.1
Posted May 7, 2004
Authored by David Goldsmith, Atstake, Dino Dai Zovi | Site

Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.

tags | advisory, overflow, root, protocol
systems | apple, osx
advisories | CVE-2004-0430
MD5 | 5de2bae707073a58346e46a1633898bb
Atstake Security Advisory 04-02-23.1
Posted Feb 24, 2004
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2004-0165
MD5 | d6b94cbbeede03a57a36522e07c9415f
Atstake Security Advisory 04-01-27.1
Posted Jan 29, 2004
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.

tags | advisory, arbitrary, root
systems | apple, osx
MD5 | ef3249d227b311b24f7d6ae925005c3a
Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
MD5 | bef10aee5d88035bc65507a618971cbb
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
MD5 | ac6a7fa0e8348991b06323304526a603
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
MD5 | ca93fa9e4f55ae6a7bc8a23a5c4cc902
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
MD5 | e895c3e6c19786b601cabf6cc3f79ebd
Atstake Security Advisory 03-05-12.1
Posted May 13, 2003
Authored by David Goldsmith, Jeremy Rauch, Atstake | Site

Atstake Security Advisory A051203-1 - The Apple AirPort XORs a password with a fixed maximum of 32 bytes against a predefined key. If a password is set to one character, a simple sniff of the 32 byte block will reveal 31 bytes of the XOR key. The final byte can be obtained by XORing the obfuscated first byte against the first character of the plaintext password.

tags | advisory
systems | apple
MD5 | 40ac67afe52c63da1895de09b86cabe7
Atstake Security Advisory 03-04-10.1
Posted Apr 11, 2003
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.

tags | advisory, local, root
MD5 | 876a06bd3f427e6075863d1a3273c0a5
Atstake Security Advisory 03-02-14.1
Posted Feb 19, 2003
Authored by David Goldsmith, Atstake | Site

Atstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default.

tags | local, root
systems | apple, osx
MD5 | 03fd6ebae2a65a1b65ef812e828ad599
Posted Oct 31, 2000
Authored by David Goldsmith, Brian Carrier, Rex Warren | Site

Atstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included.

tags | perl, proof of concept
systems | cisco
MD5 | 9d929ac325e18d64da5ced7de35202cb
Posted Feb 2, 2000
Authored by David Goldsmith

Instructor is a 32 bit instruction set auditor. By sequentially executing every 32 Bit OpCode, one can find instructions that might have adverse effects on operating environments. For example, Instructor was used to find the non-privileged halt instruction.

tags | tool
systems | unix
MD5 | 5f92e56f1b7fb479c3c294ecb2d89457
Posted Feb 2, 2000
Authored by David Goldsmith | Site

instructor.c is an OpenBSD 2.5 DoS attack which attempts to execute every 32 bit instruction. It is useful for people who are trying to find hidden features, or hidden bugs in their hardware or operating system. Many "features" have been found with this program.

tags | exploit
systems | openbsd
MD5 | adc48ea9beb10ed2b301804d23e2ef8b
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By