Microsoft Security Bulletin (MS00-071) - Microsoft has released a patch that eliminates the "Word Mail Merge" security vulnerability in Microsoft Word 2000 and 97. If an Access database is specified as a data source via DDE in a Word mail merge document, macro code can run without the user's approval when the user opens that document. If a user could be enticed into opening a specially constructed mail merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile web site, it is possible to cause arbitrary code to run on the user's machine. Microsoft FAQ on this issue available here.
0cd0e76c9fc262e940c3b9329f4e6bdea41b100bfef5268bcee164d6ea8944f1Immunix OS stackguard evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (Stackguarded Redhat 6.2). Patch available here.
e2922ba11b17fe95138d9bdf5612999e7ad04919271ca894dc28a29b7d779223Slackware Security Advisory - Wu-ftpd version 2.6.0 has a remote root hole in it. Upgrade to version 2.6.1.
f4c05db6315d143fbaaf2f0b26c1d45ca2251c59d6c6289431c39597f229591cThe CSM proxy server's siteblocker feature can be bypassed by setting up your web browser to use an external proxy.
e7564b58eccb78edb12f6980edcd391652d37e7de62a42f6bb64c4d3abc3abf3OpenBSD 2.6 local / remote denial of service attack. Sends a large number of ARP packets, causing the kernel to run out of memory and panic. Only works on machines connected to the same network segment.
c315e76c3370cc028713b496c13dfe8221b257801769c58c9b190e32627b5f03/usr/bin/traceroute local root format string exploit for LBNL traceroute, distributed with Red Hat 6.1/6.2 and Debian 2.2.
eac8e33beaa9da34d3ff79bf6a8fd5f9817c277464588facdda8b802d020cab4OpenBSD 2.6 and 2.7 xlock local root format string exploit.
d9c51047e5c8a7f38729c09e87bad09d9750d4d980cea6a7b2e76cf318636dbaGeorgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitray programs after viewing web page or email message. This very serious vulnerability may easily lead to taking full control over user's computer. The problem is the com.ms.activeX.ActiveXComponent java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here.
27e12e35034dfe08d65a2d1ce60a0c62b0edbb7d88eec3dfcb77203e10bad419How to become elite. Obviously, this is all you need.
b8ed0607831f8395b6ca34498348fc68a40c18df894b0869773ac6d9efd24a55Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.
673e24e8ac9aae412e3928cd2168aaf7e73e91ed2d72c5ed4a3e244ede61f2e4samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
05bcb5c628550e899a35271dbf30846efc2a0a63a58ff46493819bb6fc95698c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed