NSFOCUS Security Advisory (SA2000-03) - A denial of service vulnerability has been found in the IPX/SPX protocol implementation of Windows 9x. When a Windows 9x host receives an IPX NMPI packet whose source and destination machine names are both its own, it is driven into an infinite loop of sending and receiving packets. The attack consumes most of the CPU on the attacked host, eventually causing it to crash.
ee09333c713c3c147526afc9d6f8cea9c39dd915e503348778b1122d7781a015
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
d4a2fa3f65a7eeae71ab52548598bc5ca4c0c7dbfa771ae2ca5d5761dcd8b08d
The idea of the International Kernel Patch is to collect all crypto patches in one place so that using crypto in the kernel is easier than it is today. The patch bundles a crypto API with Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device built on that API, and the CIPE VPN and EnSKIP patches.
a53267652597064b7c591ffc8a54035b81f2ddac673e1eec9535e8476818b4ce
Zorp is a new-generation modular proxy firewall suite that lets you fine-tune proxy decisions with its built-in scripting language, fully analyze complex protocols (such as SSH with several forwarded TCP connections), and use out-of-band authentication techniques (unlike common practice, where proxy authentication had to be hacked into the protocol itself).
af4de5fd0b6c4b60da55f824fea6923076484b3b7300ac59488942c058981087
SuSE Security Advisory - GNU cfengine, a high-level configuration language for system administrators of large networks, has several format string vulnerabilities that allow a local user to gain root.
f52aec0643cadd4f2fb5e2f95f5fd9d3969b607abef7aebde0e82ce715404736
SuSE Security Advisory - esound, the sound daemon for the GNOME desktop, has a race condition that allows local attackers to change the permissions of any file on the filesystem.
6c6d344c26218475b41876a24d93ef04e105e8ff868b589b666644cce3691bc5
FreeBSD 4.x local /usr/bin/systat exploit. Gives an sgid kmem shell by exploiting the ~/.terminfo bug in ncurses.
74912457abcb06d1b3486b0919890ed721d24f2ed15b58307dd60bb46c085361
ISS Security Advisory - The tmpwatch utility used in Red Hat Linux to remove temporary files does not handle arguments securely, allowing an attacker to execute arbitrary commands as root.
3a65b520b3913eeaf250c2b7af29ca697b1fcffe8b6368c569d85201f43b3ff9
DNSflood.pl floods a DNS server with spoofed DNS requests.
789304b58c60ecf4f320d6a047327759676b652f6ecfc0bbfe303fce180a9f7b
Godmessage Creator allows you to implement the Godmessage IV activeX attack with any binary you supply. Archive password is set to p4ssw0rd. Use at your own risk.
b9fd0228ceaa7acd36b390294012c3d5d088fdf1b259c1e0aa24325b927685a2
The Linux Intrusion Detection System is a kernel patch that enhances the kernel's security. When it is in effect, many system administration operations can be made impossible even for root. The protection can be switched on or off on the fly, sensitive processes can be hidden, and ptrace or any other capability can be denied to everyone on the system. LIDS can also protect raw device and I/O port access.
79caba0cc09f4e2260fe8e252037eb8b642e1d548a41a3902bc385a1480da117
Microsoft Security Bulletin (MS00-072) - Microsoft has released a patch that eliminates the "Share Level Password" vulnerability in Windows 95, 98, 98SE, and Me. Windows 9x/Me provides a password protection feature, referred to as "share level access", for the File and Print Sharing service. Because of the way the password check is currently implemented, a malicious user with a special client utility can compromise a file share without knowing the entire password required to access it. Microsoft FAQ on this issue available here.
ccfedaa9a6012593410b937b115734c1127cb12ea74954b54661749c3acba5c8
Red Hat Security Advisory - tmpwatch as shipped in Red Hat Linux 6.1, 6.2, and 7.0 uses fork() to recursively process subdirectories, enabling a local user to perform a denial of service attack by creating deeply nested directory trees. tmpwatch from Red Hat Linux 6.2 and 7.0 also has an option to run the fuser command to check for open files before removal. It executes fuser in an insecure fashion, allowing a local root exploit.
42ef2e0471b2c65e06529723fdbb062b9bb78eca99bb286d0a4851b14c070154
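The advisory above does not say exactly how tmpwatch invoked fuser. The following is an added example, not tmpwatch's code, that assumes the common insecure pattern for this class of bug: the name of a directory entry under /tmp (which any local user chooses) is spliced into a command line that system() hands to /bin/sh. It shows the vulnerable construction beside the hardened fork/exec form, in which the path is always exactly one argv element and no shell ever parses it. The hostile file name is constructed for illustration; fuser need not be installed for the program to run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/*
 * Vulnerable pattern (assumed, see lead-in): the entry name is formatted
 * into a shell command line.  A file created by a local user as
 *     /tmp/x; touch /tmp/owned
 * turns the line into two commands, both run with the caller's (root)
 * privileges.  build_shell_command() exposes the string without running it.
 */
void build_shell_command(char *out, size_t outlen, const char *path)
{
    snprintf(out, outlen, "fuser -s %s", path);
}

int file_in_use_unsafe(const char *path)
{
    char cmd[4096];
    build_shell_command(cmd, sizeof cmd, path);
    return system(cmd) == 0;     /* /bin/sh interprets ; | & $ ( ) ` in path */
}

/*
 * Hardened pattern: fork and execvp() an argv vector.  No shell is involved,
 * so metacharacters in the path are inert.  Returns the child's exit status,
 * 127 if the program could not be executed, or -1 on fork/wait failure.
 */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);              /* exec failed in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int file_in_use_safe(const char *path)
{
    /* path is the absolute name tmpwatch built while recursing, so it
     * cannot begin with '-' and be mistaken for an option */
    char *argv[] = { "fuser", "-s", (char *)path, NULL };
    return run_argv(argv) == 0;
}

int main(void)
{
    const char *hostile = "/tmp/x; touch /tmp/owned";  /* constructed sample */
    char cmd[4096];
    build_shell_command(cmd, sizeof cmd, hostile);
    printf("what system() would hand to /bin/sh: %s\n", cmd);
    printf("safe check says in use: %d\n", file_in_use_safe(hostile));
    return 0;
}
```

The fork() DoS mentioned in the same advisory is a separate issue: recursion in-process (or a depth limit) removes it, and is orthogonal to how fuser is launched.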
Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw in Master Index for Linux/UNIX that allows a user to traverse the filesystem of a remote host, allowing arbitrary files and folders to be read. Exploit URL included. Fix available here.
a23909da35478f6a2095d6d342fb63d5f4accfbcc2879f4add37f28616e828c3
Red Hat Security Advisory - The usermode package contains a binary (/usr/bin/userhelper) that controls access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, the security measures built into recent versions of glibc (which ignore locale variables in setuid processes) are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, by any programs it runs) to point it at attacker-chosen message catalogs and so mount a format-string exploit against it.
9cd98a0ba94bc89f414dfce3803982f4cb2fb5e1b147b65066171642800aa1ed
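The gap the advisory describes is that glibc only enters its secure mode when real and effective ids differ, which is true for a setuid binary but not for a root program exec()ed by an already-root launcher. The example below is added here and is not code from the usermode package: it shows one mitigation such a launcher can apply itself, dropping the locale and catalog variables before exec so the child cannot be steered to an attacker-controlled catalog, together with the id check glibc relies on. The variable list and function names are this example's own choices.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Environment variables that steer where glibc/gettext look for message
 * catalogs.  glibc discards them only when it detects a setuid/setgid
 * exec; a root launcher that exec()s another root program must do the
 * same scrubbing by hand.  (List chosen for this example.)
 */
static const char *const LOCALE_VARS[] = {
    "LANG", "LANGUAGE", "LC_ALL", "LC_MESSAGES", "NLSPATH", NULL
};

static int is_locale_var(const char *entry)
{
    for (const char *const *v = LOCALE_VARS; *v; ++v) {
        size_t n = strlen(*v);
        if (strncmp(entry, *v, n) == 0 && entry[n] == '=')
            return 1;
    }
    /* every other LC_xxx category as well */
    return strncmp(entry, "LC_", 3) == 0 && strchr(entry, '=') != NULL;
}

/*
 * Build a new NULL-terminated vector from envp with the locale variables
 * removed.  Entries are shared with envp, not copied; free() the vector only.
 */
char **scrub_environment(char *const envp[])
{
    size_t count = 0, kept = 0;
    while (envp[count])
        ++count;
    char **out = calloc(count + 1, sizeof *out);
    if (!out)
        return NULL;
    for (size_t i = 0; i < count; ++i)
        if (!is_locale_var(envp[i]))
            out[kept++] = envp[i];
    out[kept] = NULL;
    return out;
}

size_t env_count(char *const envp[])
{
    size_t n = 0;
    while (envp[n])
        ++n;
    return n;
}

/*
 * The condition glibc uses to decide it is running a privileged image:
 * real and effective ids differ.  Inside a launcher that is already root
 * and exec()s another root program this is false, so the child keeps
 * whatever LANG/LC_ALL the invoking user supplied.
 */
int glibc_secure_mode_expected(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

int main(int argc, char **argv, char **envp)
{
    (void)argc; (void)argv;
    char **clean = scrub_environment(envp);
    if (!clean)
        return 1;
    printf("glibc secure mode in this process: %d\n", glibc_secure_mode_expected());
    printf("kept %zu of %zu environment variables\n",
           env_count(clean), env_count(envp));
    /* a real launcher would now execve(target, target_argv, clean) */
    free(clean);
    return 0;
}
```

Scrubbing the environment is a launcher-side fix; the programs being launched should still avoid passing translated strings as format strings, since a catalog is data an administrator may also install by mistake.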
The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional privilege if there are SUID programs that use ncurses and the library build honors ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.
cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
wuscan.sh is a bash shell script which scans machines for wu-ftpd v2.60.
f5b9a19716278390d7b712fe73b89ba114271f6f9578779c615e54bfe1eeb2cb
ISS Security Alert Summary for October 10, 2000. 91 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: apache-rewrite-view-files, win2k-simplified-chinese-ime, xinitrc-bypass-xauthority, slashcode-default-admin-passwords, quotaadvisor-quota-bypass, hinet-ipphone-get-bo, netscape-ie-password-dos, traceroute-heap-overflow, glibc-unset-symlink, lpr-checkremote-format-string, netscape-messaging-list-dos, palm-weak-encryption, mediaplayer-outlook-dos, unixware-scohelp-format, ie-getobject-expose-files, webplus-example-script, lprng-format-string, openview-nmm-snmp-bo, alabanza-unauthorized-access, pine-check-mail-bo, ciscosecure-tacacs-dos, suse-installed-packages-exposed, ciscosecure-csadmin-bo, ciscosecure-ldap-bypass-authentication, rbs-isp-directory-traversal, wincom-lpd-dos, webplus-reveal-path, webplus-expose-internal-ip, webplus-reveal-source-code, du-kdebugd-write-access, glint-symlink, mdaemon-url-dos, browsegate-http-dos, klogd-format-string, office-dll-execution, cisco-pix-smtp-filtering, horde-imp-sendmail-command, exchange-store-dos, doublevision-dvtermtype-bo, sambar-search-view-folder, camshot-password-bo, websphere-header-dos, win2k-telnet-ntlm-authentication, http-cgi-multihtml, hp-openview-nnm-scripts, freebsd-eject-port, webtv-udp-dos, imp-attach-file, fastream-ftp-dos, fur-get-dos, 602prolan-telnet-dos, 602prolan-smtp-dos, as400-firewall-dos, eftp-bo, eftp-newline-dos, sco-help-view-files, win2k-rpc-dos, mailform-attach-file, linux-mod-perl, pam-authentication-bo, siteminder-bypass-authentication, mailto-piped-address, winsmtp-helo-bo, yabb-file-access, linux-tmpwatch-fork-dos, muh-log-dos, documentdirect-username-bo, documentdirect-get-bo, documentdirect-user-agent-bo, interbase-query-dos, suse-apache-cgi-source-code, phpphoto-dir-traverse, apache-webdav-directory-listings, eudora-path-disclosure, phpphotoalbum-getalbum-directory-traversal, lpplus-permissions-dos, lpplus-process-perms-dos, lpplus-dccscan-file-read, xmail-long-apop-bo, xmail-long-user-bo, w2k-still-image-service, irc-trinity, wftpd-long-string-dos, wftpd-path-disclosure, iis-invald-url-dos, screen-format-string, ntmail-incomplete-http-requests, wavelink-authentication, php-file-upload, unix-locale-format-string, and aix-clear-netstat.
c216ccfd7bb412d411ec6ce30d33d782e379f3b95c50042b517f1d53c6b4cbc5
Vigilante Advisory #14 - HP Jetdirect print servers have multiple vulnerabilities whose effects range from the service crashing to the printer initiating a firmware upgrade from random garbage in memory; in some cases power-cycling will not clear the crash, and the Jetdirect card must be re-flashed by, for example, HP to restore it. The FTP, Telnet, and LPD services contain buffer overflows, and spoofed malformed packets can crash the printer. Fix available here.
bdca6965e5cc27db16052ee9d2ed6315debed77a62a63aa071a0614cac33ff36
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: Cached_feed.cgi vulnerability, Gnorpm /tmp vulnerability, Cyberoffice Shopping Cart flaw, Wingate 4.0.1 DoS, Xfce 3.5.1 local vulnerability, thttpd 2.19 SSI vulnerability, Pegasus Mail file reading vulnerability, GNU groff problem, IIS 5.0 unauthorized directory listings, AOL Instant Messenger DoS, another IE 5.5/Outlook vulnerability, traceroute local root vulnerability, esound vulnerability, tmpwatch vulnerabilities, and the PHPix 1.0.x vulnerability. In news: Media's guide to talking to hackers, using conservation of flow as a security mechanism in network protocols, securing a default Linux installation, Bush campaign mounts email assault, Softseek infects users with NetBus, OpenBSD plugs security hole, Secprog mailing list, cybercrime outpacing security spending, interview with Mark Abene, Linux virus scanners, and more.
a9ecc6e80c436a8c0de9e4f5135fdbbc3cad8cba882b3cb3d51bdc1f725d75e6