More information on the vulnerability described in ms99-061, a problem in IIS that causes it to parse invalid escape sequences, allowing a carefully made string to bypass IDS systems, ISAPI filters, and extension handlers. Includes a perl script to test for vulnerability.
ef40568ad6b25c2ee06d8471ee964346dcb723886938cecd3b91cb78e396a9a0
Unixware 7 Vulnerability - Any local users can exploit a bug in rtpm to gain "sys" privileges.
67a0fa19005aafa9242d3fbfa9e854feb7e4cfe89d0badb133bbc369c9e2471e
Recovery of supposedly erased data from magnetic media is easier than what many people would like to believe. A technique called Magnetic Force Microscopy (MFM) allows any moderately funded opponent recover the last two or three layers of data written to disk. Wipe repeadetly overwrites special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access.
80556ae453a20cddc8f5722425fb2bd0f65d1c6a47fed3a6f710036dfdc64aca
reltunnel - Offers a reliable data channel over unreliable protocols.
441ede0a7fa2af972ab873891120c2ef966f24a225fcbbd4ca2fc7cc2a51320d
icmptunnel encapsulates data in ICMP frames. The usual mode of operation is tcp/ip forwarding, one icmptunnel will be set up on a blocked machine (behind a firewall) listening on TCP/IP port X. The other icmptunnel will be set up on a nonblocked machine (somewhere on the internet) connected to a local service (such as port 23, telnet). Data received on the blocked machine's tcp/ip socket will be encapsulated in an ICMP packet of users choice (ICMP_ECHO, ICMP_ECHOREPLY, ICMP_TIMESTAMP, etc..) and sent to the nonblocked machine. This machine will identify the packet as encapsulated data, decapsulate the data and forward it on to its tcp/ip socket connected to the telnet daemon. The telnet daemon responds with some data, icmptunnel on the nonblocked machine encapses the packet and sends it back to the blocked machine (ICMP type still user definable).
e414eb5c22d711054cf1a16559c6d88f0e38880d80e83e40f639eca897217a32
LinGate is a powerful network gateway software. It provides security to your networks, allowing access to external world in safe and secure manner. LinGate has access control mechanism to restrict access to its services. It can even perform different services for requests from different IPs on the same LinGate port. Once setup, LinGate requires no operators, and can be configured remotely using KLinGate interface which will be designed for KDE and jLinGate which will be designed for the Java platform.
899374fb1e9db1eada77929718f86176ae9e101b02e78b44115646b49085903a
Firewalking is a technique developed by Mike Schiffman and David Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. The newest version of the tool, firewalk/GTK introduces the option of using a graphical interface and a few bug fixes.
abca0e11c8a13b172277159c158ef59459718014b5ddb721b1854918bb4d79e9
Fork Bomb Defuser is an easily loadable kernel module for Linux which detects, logs, and disables "fork bombs". It allows you to configure max_forks_per_second and max_tasks_per_user parameters at module load time. Any possible fork bomb that attempts to spawn a huge number of processes simultaneously is detected in real time, and the fork bomb is disabled.
d19bf461b3abf88a4b41ca410eb230f5c7e9d431093ec5c02324bd436fa21d5f
Secure FTP (sftp) implements a file transfer protocol using ssh/rsh as the transport mechanism. When the client is invoked, a remote shell is spawned and the server is run. sftp is mainly useful over a secure ssh session since passwords are not exposed. It also has the advantage that no root access is required, since the server runs as a user process.
e303ca7e6994901dfff9ed6e49e557e57f6593de2cef71b1d5b212fe0dd555f3
Secure Sunos shell script. Disables a few commonly exploited holes.
322c583635c8fbd0e1b5abdf4a0e7777cc242083eecc4248c2fff3b71da1ffb2
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols.
a1e4551b59a005abbced8537c5ac1d052efca6863efed3e41688db0cc14a0c1e
Every single file available on buffer overflow mentions that strcpy(), etc, but for some reason no one has noticed that 'cin >>' is also a problem. cin is an extremely commonly used function in C++ code, and it ought to be more widely known that the favoured use of it is insecure. Ditto for improper use of an ifstream.
5c686b480f99fe136628c3a0fcc4f2d535211911ea90f0bb9272f37fb9849850
Forbidden Knowledge issue 8 - Interesting Wardialling Results, HTTP Basic Authentication explained, Dialout/PPP on Shiva LANRovers, PHEAR Advisory Re: Divine forces, Buffer Overflow Explained, Introduction to Assembly Programming, and Fun with "Trojan" Wingates.
3cdbc67db303054ebbbb9406564765b9aae03634d5136a1182fba501b77290dd
The Real Log Clean for Linux OS - Cleans logs under linux and tests the attributes in Ext2fs.
d4951b8435f5e9459b7093cfd71f19f94acf17d0720fd17a57b68b16a7834907
Nsat is a fast bulk security scanner designed for long-range scans written in C++ which scans and audits about 60 different services and 170 cgis with different scan intensity. Updates in this version include detection of sendmail 8.9 remote exploitability, more CGI scripts that can be used in MDAC IIS attack, improved rpc service and -backdoor scanning, all latest solaris RPC vulnerabilities added, and detection of trinoo distributed DoS masters with default ports.
6f56824e13f9d05aa0eb1eef2be048cfcf35fd35354da8cabd0ade5d70de5df4
Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt. Source / Binary for exploit here.
8476e3395c6fecc15aafd8b57e0bb242327bfc69dc4e3b9eeb1f05d3ec39b892
SAINT (based upon SATAN) is a free network security scanner which runs on UNIX platforms. This release includes all of the new checks found in SAINT 1.4.1 beta 1, with additional checks for sadmind, Trinoo, DRAT backdoor, SSH, and QPOP vulnerabilities. This release also fixes a number of bugs that were present in earlier versions.
bf88bdd422c8df45101172dc8a96d08b94cb7070955e97c8a943d1a46f8d749c
A vulnerability in IBM's Network Station Manager will allow any local user to gain root privileges.
aac4438238668b605585d43fcc4b4f4ebe45a72c09a4cd9071962bc28a93d82b
A vulnerability in "/usr/local/bin/pis" on SCO UnixWare will allow any user to create arbitrary files with group "sys" privileges. A full root compromise is then trivial.
6bb80262134ac8ffccd94ff0c09ebbb892bf91d48a90d119fec119e35aea2470
VeteScan is a bulk vunerability scanner containing programs to scan Windows NT and UNIX systems for the latest trojans/remote exploits, a scanner for the vulnerabilities of single hosts (with or without host checking), a tool for scanning multiple hosts, a scanner for class A/B/C networks, and fixes for various vulnerablities.
7522eda3ae4057bf5ab063908bddf4940b3eb3f57314d621557d93e939f8e97d
The Vetestcl package contains various TCL scripts with the same functionality found in the VeteScan package. You can load the scripts within an Eggdrop bot to make sure none of your channel operators or hosts running IRC bots suffers from security vulnerabilities present in the operating system or user space applications.
4415f7854f0c05907942a8740e47bdef17d76304af2563a549b0a1c406e89663
w3-msql (miniSQL 2.0.4.1 - 2.0.11) Solaris x86 remote exploit. Distribution of miniSQL packet (http://hughes.com.au) comes with a cgi (w3-msql) that can be xploited to run arbitrary code under httpd uid.
e538616d4a13d2a4606a6853e879530a658b5ddefbf3256ac599a2700782b79d
Redir is a port redirector. Its functionality basically consists of the ability to listen for TCP connections on a given port, and, when it recieves a connection, to then connect to a given destination address/port, and pass data between them. It finds most of its applications in traversing firewalls, but, of course, there are other uses. It can run under inetd or stand alone (in which case it handles multiple connections). It is 8 bit clean, not limited to line mode, is small and light.
7ea504f835338e448f674ca8637512f511bf74538418ad43ab39039017090e6c
5ESS maintenance docs part ii
cb72bcf7a1787dcc4f0a82bac3bd676f456fdad16d0916daf5e79b72800f51ef
More 5ESS Documentation
6a7b1bd1fe92afb1892e87b05b7df530092bc12bb21615e15c4025462027c901