Microsoft Security Bulletin (MS00-071) - Microsoft has released a patch that eliminates the "Word Mail Merge" security vulnerability in Microsoft Word 2000 and 97. If an Access database is specified as a data source via DDE in a Word mail merge document, macro code can run without the user's approval when the user opens that document. If a user could be enticed into opening a specially constructed mail merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile web site, it is possible to cause arbitrary code to run on the user's machine. Microsoft FAQ on this issue available here.
e93208985af85fdd8a37955835d08a53Immunix OS stackguard evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (Stackguarded Redhat 6.2). Patch available here.
02402c03254c5da91d6dc0b2216ce25aSlackware Security Advisory - Wu-ftpd version 2.6.0 has a remote root hole in it. Upgrade to version 2.6.1.
8c228dd3b46d54e8f52f642105a31398The CSM proxy server's siteblocker feature can be bypassed by setting up your web browser to use an external proxy.
0a7ad2c061a8fb7df08d92978e52e4f9OpenBSD 2.6 local / remote denial of service attack. Sends a large number of ARP packets, causing the kernel to run out of memory and panic. Only works on machines connected to the same network segment.
e2cf1426738d4693c162a1bb329c0a2f/usr/bin/traceroute local root format string exploit for LBNL traceroute, distributed with Red Hat 6.1/6.2 and Debian 2.2.
9d10b3b9c0e1049d66f48df73cca397cOpenBSD 2.6 and 2.7 xlock local root format string exploit.
32519bf64b8cf0a582df4d0797f4ab60Georgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitray programs after viewing web page or email message. This very serious vulnerability may easily lead to taking full control over user's computer. The problem is the com.ms.activeX.ActiveXComponent java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here.
cd308ec05b7a2b26be70588e9af754acHow to become elite.
2d7fab83c16f4e3c3b94667bdee5045dArping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.
a9647360fc8b5b4caeec38bd3256228csamhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
7740c355236a2fa61e3e22375e0b7fe7
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed