what you don't know can hurt you
Showing 1 - 25 of 192 RSS Feed

Files Date: 2001-01-01 to 2001-01-31

Posted Jan 30, 2001
Site apache.org

Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.

Changes: Lots of bugfixes and improvements including a potential security hole on Netware. Changelog available here.
systems | unix
MD5 | bcb3c0db956709ad8f04655fd75621e6
Posted Jan 30, 2001
Site linux-mandrake.com

Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.

tags | tool, intrusion detection
systems | unix
MD5 | f95b2b2bb5e3231dba913df8bf2d4a94
Posted Jan 30, 2001
Authored by Covert Labs | Site pgp.com

Network Associates Security Advisory COVERT-2001-01 - BIND v8.2.2 to 8.2.3-T9B contains buffer overflows that allows a remote attacker to execute arbitrary code. The overflow is in the initial processing of a DNS request and therefore does not require an attacker to control an authoritative DNS server. This vulnerability not dependent upon configuration options and affects both recursive and non-recursive servers. Additional remote format string and buffer overflows affect v8.2 through 8.2.3-T9B and v4.9.3 to v4.9.7. ISC's description of the problems available here.

tags | remote, overflow, arbitrary
MD5 | 300621728056a0b531ba421eeafa6e35
Posted Jan 28, 2001
Authored by Alberto Ornaghi, Marco Valleri | Site ettercap.sourceforge.net

Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining the connection alive! Integrated into a easy-to-use and powerful ncurses interface.

tags | tool, sniffer
MD5 | 866c73de35432f34998ab18b8904f483
Posted Jan 27, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".

tags | remote, web
MD5 | 52e6587659880b3844d8e11de7bf7795
Posted Jan 27, 2001
Authored by Robert Keyes | Site razor.bindview.com

Naptha v1.1 is a denial of service attack against many OS's which uses established TCP connections to create a resource starvation attack. Includes three tools - bogusarp makes a bogus entry in the router's arp cache so it actually puts packets with our faked source address on the Ethernet, synsend, and srvr which replaces ackfin from Naptha 1.0. Tested against Windows 95, 98 and NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7, FreeBSD 4.0.

tags | exploit, denial of service, tcp
systems | linux, windows, freebsd, openbsd
MD5 | 9e461df6b11c94a3409cd933dfbe9a0a
Posted Jan 27, 2001
Authored by Charles Stevenson

Glibc prior to v2.1.9x allows local users to read any file. This shell script exploits this bug using the Openssh-2.3.0p1 binary. Tested against Debian 2.3 and Redhat 7.0.

tags | exploit, shell, local
systems | linux, redhat, debian
MD5 | 4c421f7d5f1a7e40155c52fc44daa995
Posted Jan 27, 2001
Authored by Pablo Sor

/usr/bin/write overflow proof of concept exploit - Tested against Solaris 7 x86.

tags | exploit, overflow, x86, proof of concept
systems | solaris
MD5 | fe5dc0ffbbd4dbd5da424b640fbbdb5b
Posted Jan 27, 2001
Authored by IhaQueR

Due to a various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may result in denial of service attack, local or even remote root compromise, if root runs the /sbin/rctab script. Tested against SuSE 7.0.

tags | exploit, remote, denial of service, arbitrary, local, root
systems | linux, suse
MD5 | 51769f0a559e55a0fbe445c318e64d5b
Posted Jan 27, 2001
Authored by ADM, Shane A. Macaulay

SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.

tags | exploit, local
MD5 | 0d6decf4c717851249cad2b166d2b635
Posted Jan 27, 2001
Authored by ADM, Shane A. Macaulay

Tru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.

tags | exploit, local
MD5 | 3dd785c49420cd2ce460d0f2717087ad
Posted Jan 27, 2001

Microsoft Security Advisory MS01-003 - Users who have interactive logon access to a Microsoft Windows NT 4.0 server can deny network access by running a program which monopolizes the Winsock mutex, which has its permissions set too weak. The machines most likely to be affected would be terminal servers. Microsoft FAQ on this issue available here.

systems | windows
MD5 | 9f9a8bd463d3e0c005e30b418cbeb41e
Posted Jan 27, 2001
Authored by Plathond | Site sensepost.com

FreeBSD ipfw+ECE proof of concept code - Using FreeBSD divert rule, all outgoing traffic will have the ECE flag added to it, bypassing ipfw if it passes established connections.

tags | exploit, proof of concept
systems | freebsd
MD5 | 81b9fda7f3e1e97294cd43a16f4d4c76
Posted Jan 27, 2001
Authored by Fyodor

Netscape Enterprise Server 4.0 remote root exploit - Tested against Sparc SunOS 5.7.

tags | exploit, remote, root
systems | solaris
MD5 | bd9a07a89b35b15672e6de6fbc167ecf
Posted Jan 27, 2001
Site debian.org

Debian Security Advisory DSA-021-1 - The mod_rewrite module for Apache has a remote vulnerability which may allow a remote attacker to gain access to arbitrary files. Users of the mod_rewrite module are advised to upgrade. In addition, htdigest and htpasswd use tempfiles insecurely. Since they are not setuid, impact is minimal.

tags | remote, arbitrary
systems | linux, debian
MD5 | 077ed523f7eb1d0e211fd199c015a301
Posted Jan 27, 2001
Authored by Jon Rifkin | Site sp.uconn.edu

Ipaudit records and displays network activity. It is useful for identifying high bandwidth users, intrusive telnet sessions, denial of service attacks, and scans. Ipaudit stores counts of bytes and packets for every combination of host/port pairs and protocol. It also includes scripts which automatically generate webified reports, CGI scripts which organize web presentation, and the utilities "total" and "ipstrings" which can be used to investigate network traffic records from the command line.

Changes: This release includes the ability to monitor multiple network interfaces simultaneously, an optional configuration file, improved definition of local network addresses using multiple IP ranges, and a fix for an occasional crash when the program terminated.
tags | tool, web, denial of service, cgi, sniffer, protocol
MD5 | 8581ea00ebb854806b19a3759764f536
Posted Jan 26, 2001
Site suse.de

SuSE Security Announcement SuSE-SA:2001:01 - The runtime-linker as used in the SuSE distributions ignores the content of the critical environment variables, allowing local users to link against user-specified libraries and obtain the privilege level of a setuid binary. To eliminate these problems, we provide update packages that completely disregard the LD_* variables upon runtime-linking of a binary that has an effective uid different from the caller's userid.

tags | local
systems | linux, suse
MD5 | 22bf41a5074c90f697f9bc3c1d60bf8f
Posted Jan 26, 2001
Site debian.org

Debian Security Advisory DSA-022-1 - Exmh v2.2 and below used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime and thus was vulnerable to a symlink attack.

systems | linux, debian
MD5 | 4cacd41df25253eabfe39dcd21dd05eb
Posted Jan 26, 2001
Site debian.org

Debian Security Advisory DSA-020-1 - A vulnerability has been found in PHP4 v4.0.4 and below which crashes PHP and sends the source to the client instead of executing it.

tags | denial of service, php
systems | linux, debian
MD5 | a119652d3773c86351c778714a10c380
Posted Jan 26, 2001
Site debian.org

Debian Security Advisory DSA-019-1 - A tempfile bug has been found in Squid v2.3stable4 when it sends out email messages about updates.

systems | linux, debian
MD5 | b2149c26559a825338d5a3791123baae
Posted Jan 26, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2001:005-03 - New micq packages are available which fix a buffer overflow vulnerability in micq v0.4.6.

tags | overflow
systems | linux, redhat
MD5 | ff7ba940e545aa42d85a9d012b8ba7d1
Posted Jan 26, 2001
Authored by Mixter | Site mixter.void.ru

iSSL is a library offering a minimal cryptographical API that uses the ciphers RSA and AES to establish SSL-alike, secure encrypted communications between two peers communicating through a network socket, including session key generation and public key exchange.

MD5 | f33f0a92dece3a0bd3133e8388206549
Posted Jan 26, 2001
Authored by Psychoid, Randomizer

Stacheldraht v1.666 + antigl + yps distributed denial of service tool.

tags | denial of service
MD5 | 7181039d0767fd4cf4cb3a77bea3c47f
Posted Jan 26, 2001
Site securityfocus.com

SecureStack 1.0 s capable of protecting Windows NT/2000 systems from buffer overflow attacks.

tags | overflow
systems | windows
MD5 | 9c03a68f07a05508cc1f0330bf597183
FreeBSD Security Advisory 2001.9
Posted Jan 26, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:09 - Crontab contains a vulnerability which allows local users to read any file on the system which conforms to a valid cron syntax. This allows other users crontab files to be read, in addition to any file which has every line commented out.

tags | local
systems | freebsd
MD5 | c4ad7feb6bba40a4c3f596bfb09652f0
Page 1 of 8

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By