S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".
bcbac6b73e719d6616d1e1851da6d457f568a7ce545c3c6e33a6048ce1c0aceeNaptha v1.1 is a denial of service attack against many OS's which uses established TCP connections to create a resource starvation attack. Includes three tools - bogusarp makes a bogus entry in the router's arp cache so it actually puts packets with our faked source address on the Ethernet, synsend, and srvr which replaces ackfin from Naptha 1.0. Tested against Windows 95, 98 and NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7, FreeBSD 4.0.
5e9a1ecb83ce88598a70eb891593de41f1d521c357bb903418539c2af1203ad1Glibc prior to v2.1.9x allows local users to read any file. This shell script exploits this bug using the Openssh-2.3.0p1 binary. Tested against Debian 2.3 and Redhat 7.0.
2d457aea08bb212a673eba42f38cd71b80a69cfa337478e974be158a3d4ea4f9/usr/bin/write overflow proof of concept exploit - Tested against Solaris 7 x86.
c16ac5bdc4e051947b73224fd9ce4ee3520b8642faad979a56aa2d408efed275Due to a various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may result in denial of service attack, local or even remote root compromise, if root runs the /sbin/rctab script. Tested against SuSE 7.0.
fc19e225e62f6f5c2e025ec29e9a8a3f1627d65e3092f30765ef013a8834d294SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.
46e2112f1ac589a1dd162f6987291786829b758ff1f0dcfb9a92ed98a4c809baTru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.
f67306c7d5e8a80b0d9dd9ec31f5862dc99315e27b96ffd753df2a04197de25eMicrosoft Security Advisory MS01-003 - Users who have interactive logon access to a Microsoft Windows NT 4.0 server can deny network access by running a program which monopolizes the Winsock mutex, which has its permissions set too weak. The machines most likely to be affected would be terminal servers. Microsoft FAQ on this issue available here.
f835a158f02a1920755bb70d072f95e75099c6e1d36135452a20cc448b2b4cb7FreeBSD ipfw+ECE proof of concept code - Using FreeBSD divert rule, all outgoing traffic will have the ECE flag added to it, bypassing ipfw if it passes established connections.
3b3c1522f51acfd836de24641b6920925238d5ad476f2116a2c8a01ab169e4e2Netscape Enterprise Server 4.0 remote root exploit - Tested against Sparc SunOS 5.7.
5962857e51380ddd9c8779fffaabc0d7d0b7a29097786414f377c5d1d18e92dbDebian Security Advisory DSA-021-1 - The mod_rewrite module for Apache has a remote vulnerability which may allow a remote attacker to gain access to arbitrary files. Users of the mod_rewrite module are advised to upgrade. In addition, htdigest and htpasswd use tempfiles insecurely. Since they are not setuid, impact is minimal.
88043368fb96878494320a4cb29b4290b5feb054f3162285d350b690c3d9ea00Ipaudit records and displays network activity. It is useful for identifying high bandwidth users, intrusive telnet sessions, denial of service attacks, and scans. Ipaudit stores counts of bytes and packets for every combination of host/port pairs and protocol. It also includes scripts which automatically generate webified reports, CGI scripts which organize web presentation, and the utilities "total" and "ipstrings" which can be used to investigate network traffic records from the command line.
82c47fba296e93ee50b0a033e0689d4c3fbc08ebd6e1026dcd7f069a05d0e872
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed