Cisco Security Advisory - This advisory highlights three vulnerabilities found in the CiscoSecure Access Control Server for Windows NT. The first bug is a buffer overflow in the CSAdmin module that allows a malicious user to execute arbitrary code or crash the module by sending an oversized packet to TCP port 2002. The second vulnerability involves sending an oversized TACACS+ packet to the CiscoSecure ACS thereby creating an unstable condition within the system conducive to denial of service attacks. Lastly, the enable password can be bypassed to gain unauthorized access to a router or switch if the interaction is between an LDAP server that allows null passwords and a CiscoSecure ACS for Windows NT. All releases of CiscoSecure ACS for Windows NT Server up to and including 2.1(x), 2.3(3), and 2.4(2) are vulnerable. CiscoSecure ACS for UNIX is not affected.
c230ea8e43185ba2ece9c31b2ac308f4498d45ee881a3a4a2f35e0351d9bdc5fMicrosoft Security Bulletin (MS00-067) - Microsoft has released a patch for the "Windows 2000 Telnet Client NTLM Authentication" vulnerability in the telnet client that ships with Microsoft Windows 2000. The vulnerability allows a malicious user to obtain cryptographically protected NTLM logon credentials from another user by creating a HTML document that, when opened, attempts to initiate a Telnet session to a rogue telnet server. Microsoft FAQ on this issue available here. By
34c0e50c48ca898fba0caa41c3a1760910f4f14b482584bf5b5a60d7a1017fb5The virtual private network daemon vpnd is a daemon which connects two networks on network level either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transfered between the two networks are encrypted using the unpatented free Blowfish encryption algorithm. Functional overview available here.
06c9ef950e12a1ff05a6ef5cb69bbc937c548492d3d5baa9cec8315e126f9cd6Webonycer is a tool to assist newbies in chaining proxies.
d3e7b4559630143fbdf0e9a515c0715a6f02fdb5b46438a0828b187a92b994f6Synnergy Laboratories Advisory SLA-2000-14 - The BSD/Linux telnet client has a stack overflow which is not usually a security problem, except in the case of a restricted shell environment which allows users to set environment variables and run telnet. Perl proof of concept exploit included.
edc44b44131a6f19bee4f950cce7723477469f167ee3406d25923487214db406
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed