exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2000-12-23

suse.openssh.txt
Posted Dec 23, 2000
Site suse.de

SuSE Security Announcement - openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project. Many vulnerabilities have been found in the openssh package: An openssh client (the ssh program) can accept X11- or ssh-agent forwarding requests even though these forwarding capabilities have not been requested by the client side after successful authentication. Using these weaknesses, an attacker could gain access to the authentication agent which may hold multiple user-owned authentication identities, or to the X-server on the client side as if requested by the user.

tags | shell, vulnerability, protocol
systems | linux, suse, bsd, openbsd
SHA-256 | 6bc86fe768520b6d4748e5ce57dc320bc8e2cc6fab198eb115172bff82ff249d
gre.pdf.gz
Posted Dec 23, 2000
Authored by FX | Site phenoelit.de

This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.

tags | paper, protocol
SHA-256 | f56cd653e16527b61bea075fcdd9e9bd1e145226aa80c22f2f48ba8f4bdd083a
sa_07.txt
Posted Dec 23, 2000
Site nsfocus.com

NSFOCUS Security Advisory (SA2000-07) - A serious flaw in Microsoft IIS 4.0 and 5.0 when handling CGI filenames allows any file on the system to be read and remote command execution, as described in here.

tags | remote, cgi
SHA-256 | 85c25f2dd295eef761bb7ed7766d70fbcfc7d6ba678f8b8cf47e98b2f9c639b7
pluto.c
Posted Dec 23, 2000

Pluto.c is a SOCK_RAW flooder which attempts to hide from conseal and ipchains.

tags | denial of service
SHA-256 | 8d9cd489065a7c20ca2164005dc5e8894dd2f18730f6eaf773403c9e662103ea
catman-race.txt
Posted Dec 23, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept.

tags | exploit, local, root, proof of concept
systems | solaris
SHA-256 | 9a29d9929df3618598e1b73b8901c5d5026303418322bac348f2cc5417e8cef6
ms00-100
Posted Dec 23, 2000

Microsoft Security Bulletin (MS00-100) - Microsoft has released a patch that eliminates the "Malformed Web Form Submission" security vulnerability in a component that ships as part of Microsoft Internet Information Server. The FrontPage Server Extensions (FPSE) which ship with and are installed by default as part of IIS 4.0 and 5.0 have a vulnerability which crashes IIS when a malformed form submission is sent. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | 0570cc66d8a2848c8d874674c177c4fefa1b9043c8e990e815130176ea89c8ad
ICMP_Scanning_v2.5.pdf
Posted Dec 23, 2000
Authored by Ofir Arkin | Site sys-security.com

ICMP Usage in Scanning v2.5 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

Changes: This version introduces a few new OS fingerprinting methods, some of which use ICMP error messages, allowing a remote OS fingerprint even if all the ports are closed. Also a lot of information on ICMP error messages has been added. Also added some snort rules.
tags | paper, protocol
SHA-256 | f24d4c556d3ee9ffcb8171a788a947a60fbd2ff30a032eb88fe0fcf710c8c75f
guarddog-0.9.5.tar.gz
Posted Dec 23, 2000
Authored by Simon Edwards | Site simonzone.com

GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy to use goal oriented GUI and the ability to generate ipchains scripts as output. Screenshot here.

Changes: Generated firewalls now setup the kernel networking protection, and are now tighter, only opening the local port range instead of all non-privileged ports where appropriate. New options to always reject auth requests are also included, which can speed up POP connections.
tags | tool, shell, tcp, firewall
systems | linux
SHA-256 | 8701a7ca5b96c11874a45e291812c522aec538aa70a3641da2619abb8d168c5b
Page 1 of 1
Back1Next

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close