Showing 1 - 25 of 32

Files Date: 2001-06-01 to 2001-06-30

Posted Jun 9, 2001
Authored by Nelson Murilo | Site chkrootkit.org

chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.

Changes: New tests added - amd, named, egrep, slogin. Detects more worms, including ShitC, Omega, Wormkit, dsc-rootkit, and Maniak. A bug in chklastlog was fixed, as were some other misc bugs.
tags | tool, integrity, rootkit
systems | linux, unix, solaris, freebsd, openbsd
SHA-256 | e29c1a0b2dde2068163c77b587c8fbe517fc5f4cedec74a896122def2ccd37dd
Posted Jun 8, 2001
Authored by Milo Van Der Zee

HP Openview NNM6.1 and earlier running on Unix contains a remote vulnerability in the suid bin executable overactiond. Any program can be started remotely by sending an SNMP trap to the server. Exploit details included.

tags | exploit, remote
systems | unix
SHA-256 | 8bae1494554d275412868e489713e831885ff1d72e8a63633bb2f8680fe0525a
Posted Jun 8, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor / Bindview Advisory - There is a buffer size checking related fault condition in Microsoft Windows 2000 telnet server. This vulnerability is present only if telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. Perl exploit included.

tags | perl
systems | windows
SHA-256 | be12ffcb3f00a8aa6f4162cd3e7951feb76a5d093a8d28f0c9847b0b212e51c2
Posted Jun 8, 2001

Microsoft Security Advisory MS01-031 - This bulletin discusses seven new vulnerabilities affecting the Windows 2000 Telnet service. The vulnerabilities fall into three broad categories: privilege elevation, denial of service and information disclosure. Two of the vulnerabilities allow privilege elevation and four are denial of service attacks. Microsoft FAQ on this issue available here.

tags | denial of service, vulnerability, info disclosure
systems | windows
SHA-256 | 275cc644551b34ab079ae421747cbb602e4ba75e134167b2c0b19294f3a910b9
Posted Jun 8, 2001
Authored by Emilie Chang

Cue.sh exploits an old HP-UX local root vulnerability which remains unpatched on most systems. Tested on HP-UX 10.20 v899. /usr/bin/cue exists on 800 models.

tags | exploit, local, root
systems | hpux
SHA-256 | 472483aecd2a7b9ae3663034d47e3348ad1cb85b56301582f36fd92c0f77c432
Posted Jun 8, 2001

Passlogd is a sniffer which logs traffic on the UDP syslog port, allowing a syslog receiver to have no open ports.

Changes: Fixed parser.
tags | udp
systems | unix
SHA-256 | bd223eaa2a280c832a8a9653dcada9835927ce76ed2c20445966f6d461247f0d
Posted Jun 7, 2001

Passlogd is a sniffer which logs traffic on the UDP syslog port, allowing a syslog receiver to have no open ports.

tags | udp
systems | unix
SHA-256 | 6d632883aa1d1f497d54b461d54b3df491cd475e77a00342548fb282b0ab3b0c
Posted Jun 7, 2001
Site scaramanga.co.uk

Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.

Changes: New TCP flags, ICMP sequence, and ID matchers, bugfixes, a more verbose alert target, and improved documentation.
tags | tool, intrusion detection
systems | unix
SHA-256 | 3148ae3a478e12d7be6f62059295349c4d7dbc4ef15fec0ee23d0ee0f2f9ae03
Posted Jun 7, 2001

Microsoft Security Advisory MS01-030 - Exchange 2000's web access (OWA) has a vulnerability which allows an attacker to send script code to users which can take action against the user's mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | f7f48318c3d4e4c6d067c2811d272a2e95f9a678915af7f158259f9cd09892f8
Posted Jun 7, 2001
Authored by Dex | Site raza-mexicana.org

Su-wrapper v1.1.1 local root exploit for Linux/x86.

tags | exploit, x86, local, root
systems | linux
SHA-256 | 942b946e556a127ab3738e8046bb6401be1e111a46efe383d2ad6b46481182a5
Posted Jun 7, 2001
Site appgate.com

MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.

Changes: Fixed scp bug. All sources are now available.
tags | java, protocol
SHA-256 | bd773bec00af0e7d8bcc99ef91ef50f897b8e537c10e4aebd81edb326fa08f81
Posted Jun 7, 2001
Site dwheeler.com

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: New --neverignore option.
systems | unix
SHA-256 | 7ff8fe36aecdf1e150ddcc52d1f62484699ce6c98385bcac198ec02989597243
Posted Jun 7, 2001
Authored by Marvin | Site habets.pp.se

Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.

Changes: The -R switch for alternative raw output has been added.
tags | tool
systems | unix
SHA-256 | 6403f30d63d52ebe9059a93dc0026c8a421ce628f683d01d048bc6b584945fb2
Posted Jun 6, 2001
Authored by Paul Starzetz | Site ihaquer.com

RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.

tags | overflow, kernel, code execution
systems | linux
SHA-256 | ae4b689feaf93c5e1e1b4e43c24cf1ad1d1274a002df6d49a1c9837817fafd10
Posted Jun 6, 2001
Authored by qitest1 | Site qitest1.cjb.net

Tiatunnel.c is a Linux/x86 remote exploit for TIAtunnel-0.9alpha2, an IRC bouncer. Tested on RedHat 6.2 with TIAtunnel-0.9alpha2 from tar.gz. Binds a shell to port 30464.

tags | exploit, remote, shell, x86
systems | linux, redhat
SHA-256 | 77aa0c85e58b973ca86ca00a5c8eaabd32591cdc8a7e911c09f1ffb2fbc8c95a
Posted Jun 6, 2001
Authored by Michel MaXX Kaempf | Site synnergy.net

Vudo.c is a Sudo-1.6.3p5 and below local root exploit. Tested on Red Hat 6.2 with sudo-1.6.1-1.

tags | exploit, local, root
systems | linux, redhat
SHA-256 | 5feeadaf61cb4fda4301b7053a857303db23d94fcdd06171b02cd101ee366e61
Posted Jun 6, 2001
Authored by Alt3kx | Site raza-mexicana.org

The QVT/NET 4.3 FTP Server and the Shambala FTP Server for Windows 9x/NT/2000 contain remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included.

tags | exploit, remote, vulnerability
systems | windows
SHA-256 | 40f5fee603c5fb9de026a015b88a134d7d3e0fdf79a92fe4ca6eb6a136c06883
Posted Jun 5, 2001
Authored by Silvio Cesare | Site big.net.au

Stealth Syscall Redirection - This article describes a technique of redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that use the sys call table to register redirected or trojaned system calls. The basic premise behind this attack is to modify the old system call code to jump to the new system call, so that control is transferred to the replacement system call and the sys call table is left untouched.

tags | paper, trojan
systems | linux, unix
SHA-256 | b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70
Posted Jun 5, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.

Changes: Added md5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael and its symbols. Since StMichael causes the rootkits to not work as expected, we do not want to give away any useful debugging information.
tags | kernel
systems | linux
SHA-256 | 3a46b99429e5f1bbbff87fa24b0ed3404e912a0cc93c119499d0f899367e02a6
Posted Jun 5, 2001
Authored by Ofir Arkin | Site sys-security.com

ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

Changes: Version 3.0 introduces significant changes made to the text. Includes some host based security measures available with Linux based on Kernel 2.4.x and with Sun Solaris 8 and a snort rule base for dealing with the ICMP tricks illustrated within the text.
tags | paper, protocol
SHA-256 | 75cc3f1aca7052c3ce41ac23e57dd34c03d0762e2b433480c810bfd580de6b74
Posted Jun 4, 2001
Authored by Georgi Guninski | Site guninski.com

Georgi Guninski security advisory #46, 2001 - There is a buffer overflow in SunOS 5.8 x86 with $HOME and /usr/bin/mail leading to egid=mail. Includes exploit.

tags | exploit, overflow, x86
systems | solaris
SHA-256 | e879b1c4adebb7537847ceb4679cff3cda7379230d9c135006e688aecdd1a01e
Posted Jun 4, 2001
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for May, 2001.

tags | exploit
SHA-256 | f57f3b5f09f5712f1bd0ed4dd43383a800ec94fcc48e9e6646e82555f0ff4323
Posted Jun 4, 2001
Authored by Thomas Linden | Site nabou.org

nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.

Changes: While 1.7 fixed many bugs, it included some new ones. Everybody who has 1.7 in use is urged to upgrade to 1.8. Directory recursion and some other ugly bugs have been fixed. Two new statements are available, and all features of the program have been tested before release.
tags | tool, perl, intrusion detection
systems | unix
SHA-256 | 010142ce00991528e4574140d8f28405e7b861e6f089ed82898daee29a17273d
Posted Jun 4, 2001
Authored by Xie Hua Gang | Site lids.org

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.

Changes: Ported to kernel v2.4.5, bugfixes, fixes for qmail, restrictions for LIDS mode switching on specified terminals, and adds code cleanups.
tags | kernel, root
systems | linux
SHA-256 | 0eb9c8337d0ebff278320b37447da70b318ca4e6736a28aa3be2e2df4fdb8d00
Posted Jun 4, 2001
Authored by Paul L Daniels | Site inflex.co.za

Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.

Changes: Updating the ripMIME codebase to 1.0.2; existing users of Inflex can simply upgrade ripMIME.
systems | unix
SHA-256 | f70118b80638e150eb79b426f90b366b3cf8a6ef15a2b8d1d4ac1a9e87a63e47
Page 1 of 2
