When scp'ing files from a remote machine, the remote scp daemon can be modified to overwrite arbitrary files on the client side. Scp from ssh-1.2.30 and below is vulnerable. Proof of concept scp replacment included.
c83fdb97397307f495d1cef7e5ab8dc8f8740692dccebe8deaaee85d3f5a2fe1BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in ms00-070. Implications range from denial of service to local promotion.
e24169f769ff08b95674ca0b151e7ca48901eed39216c7984e0e4d0e2e4797aeOpenBSD 2.7 local root exploit for /usr/bin/fstat + libutil exploit. Tested against OPenBSD 2.7 i386.
0871c02f9900cd9d31c6b18d39964674456feb034d0b15de1647853203cc0096Red Hat Security Advisory - The old BSD-based lpr which we shipped with Red Hat Linux 5.x and 6.x has a recently discovered local root format string bug in its calls to the syslog facility.
68ca43a21f3236c79d794da9e4d510f760089a9d493a6ac04145e637f94c261eSnort2HTML v1.5 converts Snort Intrusion Detection System logs into nicely-formatted HTML.
c585d4e20fc71f2ee6d79241605c53963ed072a83ff76bc69cb7464c01834cb6Red Hat Security Advisory - LPRng has a string format bug in the use_syslog function. This function returns user input in a string that is passed to the syslog() function as the format string. It is possible to corrupt the print daemon's execution with unexpected format specifiers, thus gaining root access to the computer. The vulnerability is theoretically exploitable both locally and remotely.
83027cf3896158dff0e111b901dcbc0f01589231168753a60836df217b877264Crackwhore 2, a basic HTTP verification application that will test website security. Includes an exploit vulnerability scanner and an FTP root crack utility. IRC chat function, language-packs, text export and more features have been implemented.
1e30dcb8eaadbc4ed04814583cb51fc3b09b2fd51eeb524bb2bc169fe85fa391Easy Advertiser v. 2.04 Remote Exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179 running with user priviledges that the webserver is run as. Netcat is needed locally to use this.
3039f45d2afe1dffcacaeeaa10a0cd1ac319430fdfef2be12356e97c5078f50bInternet Security Systems (ISS) has identified vulnerabilities in several utilities that ship as part of the Groff document formatting system package.
fbb240e9e8f7090ddc8625ef09174331b3b248f794fec3695f392bdad9961a77OpenBSD Advisories - There is a format string vulnerability present in the pw_error() function of OpenBSD 2.7's libutil library can yield localhost users root access through the setuid /usr/bin/chpass utility. Affected versions: OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and 4.1.1 are safe.
c4dc0e1f0cf54500d97b341679ab07d2223bed756a6b56374ca34a7169f219cdMicrosoft Security Bulliten (MS00-070) - Microsoft has released a patch that eliminates several vulnerabilities in Windows NT 4.0 and Windows 2000. There is an "Invalid LPC Request" vulnerability which can cause the affected system to fail, an "LPC Mempry Exhaustion" vulnerability which can deplete the affected system's memory, and a new variant of the "Spoofed LPC Port Request" vulnerability which could allow a malicious user create a process that runs at the priviledge level of the already running process. FAQ can be found here
5d8c5735773152f383166a43c106f08d4a2aa27f464e7f28a521342c91a0ba65Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.
7eb53ae562976f11c699ea7d32f06b6d6652df89793f8b483f7147dafb7bff43
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed