Microsoft Security Advisory MS01-044 - Five new security vulnerabilities have been discovered in IIS 4.0 and 5.0. A buffer overrun vulnerability involving the code that performs server-side include (SSI) directives. An attacker with the ability to place content onto a server can include a malformed SSI directive that, when the content was processed, results in code of the attacker's choice running in Local System context. A privilege elevation vulnerability results because of a flaw in a table that IIS 5.0 uses. The vulnerability results in any file whose name matched that of a file on the list would run in-process. Three denial of service vulnerabilities have been discovered, one of which keeps IIS 5.0 from serving content until the admin removes the spurious entry from the File Type table for the site. A cumulative patch for IIS has been released which fixes these bugs and includes the functionality of all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT(r) 4.0 Service Pack 5. Microsoft FAQ on these issues available here.
86a6c34ac8613bb7c6bdccb36a4617a7d4f8e84039dccfea1658e58b76fba2aaNetWare Enterprise Web Server 5.1 has a couple security problems - When NDS browsing via the web server is enabled, if an attacker can reach that server's port 80 they can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET commands will allow for GroupWise WebAccess servers to display indexes of the directories instead of HTML files.
adf0654a73f370790f57c8f495e47ab5ce8db6242f05e002639e1d51d2ce342fGhost Port Scan is an advanced port scanner and a firewall rule disclosure tool. Uses IP & ARP spoofing, sniffing, stealth scanning to provide pen-testers and admins with software that allows them to test the settings of a remote host, even if it is firewalled.
a561efdf4a81c7e763675ced7458466594fcec703c1f87710d5f425a558e7508DSNS is advanced network scanner for Windows 2000. It uses fast and stealthy SYN scanning to find open ports and is able to probe the services that are running on that ports. So you can check proxies, scan for SMTP relaying hosts and more. Screenshot available here.
d730c6535d1594939bc89fc7becab3112945080010d45ce8ec3c6422996a8b49PHP-Nuke Written by Sequioa Software contains sendmail.php, which allows remote users to execute commands and see files on the web server.
15b60f966f6d41df63275f87611839fefc622ea85815d79655554d3868a7aa03Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session?s data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
ce594acde232ad4a7b74271391c27bc59ffbfc1f8099e11abf4fda4049d4df40Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well.
c95b5fdfab0923436993b9af56b0a4a3494ae9311cfd445be9ca1fe847a44131Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem.
6be64d2889f4def783b33e0ef5fcbe35a375d34660178a987267aed924cd2601Taranis redirects traffic on switch hardware by sending spoofed ethernet traffic. This is not the same as an ARP poisoning attack as it affects only the switch, and doesn't rely on ARP packets. Plus, it is virtually invisible because the packets it sends aren't seen on any other port on the switch. Evading detection by an IDS that may be listening on a monitoring port is as simple as changing the type of packet that is sent by the packet spoofing thread.
55677af0b5be5d2fdd1fca759e87ee3dd12d7484052a0dead1e36a389f6542c5Phrack Magazine Issue 57 - In this issue: IA64 shellcode, Ethernet Spoofing with Taranis, ICMP based OS Fingerprinting, Vudo Malloc Tricks, Once upon a free(), Against the System: Rise of the Robots, Holistic approaches to attack detection, NIDS on Mass Parallel Processing Architecture, Modern SSL Man-in-the-middle attacks, Architecture Spanning Shellcode, Writing ia32 Alphanumeric Shellcode, Cupass and the Netuserchangepassword Problem, Phrack World News, Phrack Loopback, and Linenoise.
7d7d5e63b2e6f015a2b392c8f1d5487fdf5a081fa2495efeb1bf9c6d0efd62c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed