Microsoft IIS v4.0 and 5.0 contain a remote denial of service vulnerability if the server has been upgraded from v3.0. Issuing a malformed request for a certain file contained in /scripts/iisadmin can result in the webserver going into to an infinite loop, causing the web server to no longer accept requests. Microsoft bulletin available here.
4c48bae0b226218deaf38e5938232cb42629e8cd6e919da87f76a5db9e3da358sscc.tar.gz scans C source code for common insecure functions which can be exploited for buffer overflows. It finds and identifes the file name and line of the possible insecure function, taking a lot of the monotony out of auditing source code.
97dea035cefbc0cc409d93070bf3d90614f5b27ed109431070c21edec8739422qpopper 2.53 euidl x86/linux remote exploit. Includes a procedure to abuse format strings to find the correct offset. Tested on Debian 2.1, RedHat 6.1, Slackware 7, Suse 5.2 and 6.0.
d4fbf6b568b41b3a4ab5332d446981b085dcf13b1b623c727517903de3998105Libpcap is a portable packet capturing library based on the BSD packet filter (BPF). It is very useful for writing sniffers and network analyzers.
6de9cfe333f929c0479dc0100128f531216af4a19efe2d8c1b5c4930ace08590Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities. Requires Libpcap.
8543b517f7f4c327094157b7f0ff668630db98d9fcdb4b2397db29e8bcbbc11dGnuPG is a complete and free replacement for PGP. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.
bc6c4db0eb98a550a83637c87d3b6914a6672d33e0d69e5e1330020abb223a24samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
53da78706a18ff4dce9b0ee37a60fe8df981b1076074833d5e55def8f98a32c2The IPchains firewall module for Webbin lets you graphically create ipchains firewall scripts. Nearly all of the IPchains options are supported.
f0973c33b64669405a7901add9e37c1ee230af69f26651ea77e6901dea52016cmakewhatis local dos exploit - overwrites /etc/passwd as soon as makewhatis runs, usually from cron.
cdb2304ec7442f32b6ef9838ca5f9055ec18ed08472c3e7cab9d1e6986337c97Microsoft Security Bulletin (MS00-044) - Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. The "Absent Directory Browser Argument" vulnerability allows a malicious user to stop the web server from providing useful service. A new way to exploit the "File Fragment Reading via .HTR" vulnerability has been found which does not strip out most of the useful parts of the ASP source which it allows remote users to view. Microsoft FAQ on this issue available here.
f8b9423316f85c8e2b02c7d798e8467c1cf37a8087884d644b021c6a60a8bc17The CGI scanner by alt3kx_h3z finds 218 remote CGI vulnerabilities.
4c4dd5c84d18986b5cc3c312f994fbf87c9e8411d0c68c2b2fc9b7b3e855b5f8md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
a4877757ba86f16bd156b9e926a303adac81bca585de68a7f81d07662984df4fPop2d any file on the system can be read remotely on a pop2 server with a valid pop account due to a bug in the fold command.
bc54f3402bf663746da58c8465528b13c145566b70abf99486edc76930e03c5cPortcatch listens on a TCP port and records the addresses of people who connect.
990ac0e1ded4af0dbef5fd4af8912d202fbaac313ff4fb0ef2a8195c3f8b9510Directory and URL Prediction Vulnerabilities - Many websites, most notably adult-related websites offering pictures and files, leave their data open for others to see. These vulnerabilities often go undetected. This, of course may not be an issue to some, but many of these websites obtain their revenue through their sponsors, banners and membership fees. These types of vulnerabilities bypass sponsors, banners, membership sign-in areas, and most adult verification systems. For lack of better wording I have titled these types of vulnerabilities "Directory and URL Prediction". In reality, this is what it comes down to. There are many methods of exploiting these vulnerabilities, and only a few will be covered in this document. Please keep in mind that the effectiveness of these tactics depends heavily on the ineffectiveness of the website's security and design layout. I know some of you may have known these for years, but many have not. These vulnerabilities still exist today on the Internet.
d8ef59420a33e0a2d9f221128fa959272146d784f7508d8012ab1e9d158382adFreeBSD Security Advisory FreeBSD-SA-00:23 - There are several bugs in the processing of IP options in the FreeBSD IP stack, which fail to correctly bounds-check arguments and contain other coding errors leading to the possibility of data corruption and a kernel panic upon reception of certain invalid IP packets. Patch included.
3052d0a143c61fc8a86ab5e3ab43f9d0ab18e5978918a4144eb90891788886b7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed