exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2000-12-23

suse.openssh.txt
Posted Dec 23, 2000
Site suse.de

SuSE Security Announcement - openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project. Many vulnerabilities have been found in the openssh package: An openssh client (the ssh program) can accept X11- or ssh-agent forwarding requests even though these forwarding capabilities have not been requested by the client side after successful authentication. Using these weaknesses, an attacker could gain access to the authentication agent which may hold multiple user-owned authentication identities, or to the X-server on the client side as if requested by the user.

tags | shell, vulnerability, protocol
systems | linux, suse, bsd, openbsd
SHA-256 | 6bc86fe768520b6d4748e5ce57dc320bc8e2cc6fab198eb115172bff82ff249d
gre.pdf.gz
Posted Dec 23, 2000
Authored by FX | Site phenoelit.de

This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.

tags | paper, protocol
SHA-256 | f56cd653e16527b61bea075fcdd9e9bd1e145226aa80c22f2f48ba8f4bdd083a
sa_07.txt
Posted Dec 23, 2000
Site nsfocus.com

NSFOCUS Security Advisory (SA2000-07) - A serious flaw in Microsoft IIS 4.0 and 5.0 when handling CGI filenames allows any file on the system to be read and remote command execution, as described in here.

tags | remote, cgi
SHA-256 | 85c25f2dd295eef761bb7ed7766d70fbcfc7d6ba678f8b8cf47e98b2f9c639b7
pluto.c
Posted Dec 23, 2000

Pluto.c is a SOCK_RAW flooder which attempts to hide from conseal and ipchains.

tags | denial of service
SHA-256 | 8d9cd489065a7c20ca2164005dc5e8894dd2f18730f6eaf773403c9e662103ea
catman-race.txt
Posted Dec 23, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept.

tags | exploit, local, root, proof of concept
systems | solaris
SHA-256 | 9a29d9929df3618598e1b73b8901c5d5026303418322bac348f2cc5417e8cef6
ms00-100
Posted Dec 23, 2000

Microsoft Security Bulletin (MS00-100) - Microsoft has released a patch that eliminates the "Malformed Web Form Submission" security vulnerability in a component that ships as part of Microsoft Internet Information Server. The FrontPage Server Extensions (FPSE) which ship with and are installed by default as part of IIS 4.0 and 5.0 have a vulnerability which crashes IIS when a malformed form submission is sent. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | 0570cc66d8a2848c8d874674c177c4fefa1b9043c8e990e815130176ea89c8ad
ICMP_Scanning_v2.5.pdf
Posted Dec 23, 2000
Authored by Ofir Arkin | Site sys-security.com

ICMP Usage in Scanning v2.5 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

Changes: This version introduces a few new OS fingerprinting methods, some of which use ICMP error messages, allowing a remote OS fingerprint even if all the ports are closed. Also a lot of information on ICMP error messages has been added. Also added some snort rules.
tags | paper, protocol
SHA-256 | f24d4c556d3ee9ffcb8171a788a947a60fbd2ff30a032eb88fe0fcf710c8c75f
guarddog-0.9.5.tar.gz
Posted Dec 23, 2000
Authored by Simon Edwards | Site simonzone.com

GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy to use goal oriented GUI and the ability to generate ipchains scripts as output. Screenshot here.

Changes: Generated firewalls now setup the kernel networking protection, and are now tighter, only opening the local port range instead of all non-privileged ports where appropriate. New options to always reject auth requests are also included, which can speed up POP connections.
tags | tool, shell, tcp, firewall
systems | linux
SHA-256 | 8701a7ca5b96c11874a45e291812c522aec538aa70a3641da2619abb8d168c5b
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close