Razor / Bindview Advisory - There is a buffer size checking related fault condition in Microsoft Windows 2000 telnet server. This vulnerability is present only if telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. Perl exploit included.
be12ffcb3f00a8aa6f4162cd3e7951feb76a5d093a8d28f0c9847b0b212e51c2Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.
72f0b876373954999b3e48c286d832d9874353833141a0ee8db15f4cd9b2c873Netsed v0.01b brings sed functionality to the network layer, allowing you to change the contents of packets traveling through your network on the fly and in a completely transparent manner. It features basic expressions and dynamic filtering, and cooperates with ipfwadm/ipchains transparent proxy rules to pick specific packets.
a04f6b235d787b1efd96ecdb398e6c8456301dbf965840e6fcbad36c68372dceVixie crontab local root exploit - an insecure fopen() call in Paul Vixie's crontab code is exploitable on systems where /var/spool/cron is user readable, such as Red Hat 6.1.
ab44f3d242c7a1c5af9df46eb9bdc3905efc1ef485b1406235d10775c03e5edeWhen scp'ing files from a remote machine, the remote scp daemon can be modified to overwrite arbitrary files on the client side. Scp from ssh-1.2.30 and below is vulnerable. Proof of concept scp replacment included.
c83fdb97397307f495d1cef7e5ab8dc8f8740692dccebe8deaaee85d3f5a2fe1Netscape Navigator is vulnerable to trivial, remote buffer overflow attack when viewing prepared html.
5e00530a07bbcee85e83bc7a5a9c024d8a58a576c2617200505e8c4098a74b86The Siemens HiNet LP 5100 IP-phone is vulnerable to a buffer overflow when the GET request method is used with a large request size. Vulnerability can lead to a partial or complete crash of phone services.
c2c3fa55e9b3b0ea73526601681a57f6551de6e2ac82d72450d780945bdf8d14Suidperl v5.00503 and below local root exploit which exploits an undocumented /bin/mail feature when perl wants to notify root on inode race conditions. Tested on Redhat 6.x/7.0.
e046c5c1d324b9945abcef32f5756e05f4d6bf70782c8cc77d62546e05aa1ec2The Netscape Professional Services FTP server contains several remote vulnerabilities which are easily exploited. Any file on the system can be downloaded / uploaded, users can overwrite each other files via LDAP, and LDAP passwords can be read remotely.
f5e86ccfbc1b2c198c0392fd914db9654935e689b9c821c6cc048bdbf3fc3fadP0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux 2.0/2.2, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
c12412c6a9ae99a45bca4816d61188e822b5b548420cec12adf7538b07a171a5INND (InterNet News Daemon) 2.2.2 has a remotely exploitable stack overflow in the control articles handler. About 80% of usenet servers are vulnerable.
1fdab59692baa167e5e89c82010248721ee6cdb5b14cc48401a4a2cd02d49432"I don't think I really love you" or writing internet worms for fun and profit.
d21298d8550cdb1dce8b32a0ad6a565a74adfde66a4bcb0a08045abe78644dd4Writing Internet Worms for Fun and Profit - The love letter worm was very crude, and proof of concept code for much more powerful worms has been written. Expect next years worms to be architecture independent, invisable to the end user, spread without user intervention, learn and launch updated worms, polymorphic with no constant code, and dissapear after it has accomplished its objective.
4814e0d3497813ef018f3be0c85104943a8f0a6b10ad19514067d20f4a5d8653Novell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
daeeaaf07bbd7be2d103ab1cd49ffde2eb56484860d53f34ddeeccce4add2867Many devices come from the manufacturer configured with snmp enabled and unlimited access with *write* privledges. It allows attacker to modify routing tables, status of network interfaces and other vital system data, and seems to be extermely dangerous. To make things even worse, some devices seems to tell that write permission for given community is disabled, but you can still successfully write to it. This is a list of devices with default writable configurations.
64b8dfa2a60e46777335afd3866fb129ffab8f3f3c77ea49b736b92fb1b23445Recent PAM implementations allow you to use su to rapidly crack accounts without being logged. Tested on RH 6.1.
4e4445f9726601745b246b699479483fc7dc3fcd4f33a94228ee97377938b11ansuncat 0.01b - Unix socket connectivity from the command line. (works just like netcat for tcp/udp sockets)
49088a575ee48d6c5401773d67d701fbde1b7fe01256a0d55e04ed9c19f06f5bFive new vulnerabilities have been found in Berkeley Sendmail and 'procmail'.
739a99c27c891bd518989d4459effe5d7dbae8f49924a28318fe663f8c8dbe7bExploit for vulnerabilities in sendmail 8.8.8 which hijacks incoming mail and saves it in /tmp.
bafadc740b0a5f08f59f80e1deefd74e1785d438413907c07207f431886905b3Lynx has mechanisms to avoid spoofed 'special URLs'. The protections are insufficient and can result in local compromise.
572c27a381354f90a31a76977dccc10442db4065337602fbc6a83efbba50ffb1Several silently fixed bugs in Sendmail combine to make any sendmail below 8.9.3 insecure. DOS exploit description included, more possible.
dc448e9c2e184b0972cc80f1cc2184a265473cb295116d350c21d5023e9f43e7Rather dangerous bug is present in output processing after "command substitution" in bash 1.xx. It seems to be NOT present in bash 2.0.x.
5c8907ed9a89b1176ae7bdba5929b1581c4486d8dc5359db4efc86351c1b7210Sendmail 8.x.x - any user may rebuild aliases database causing local denial of service.
ee87fe08a43899cadbac39a3e8a3cf5421bda9c8ff62986e65f41d6271f83a96
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed