what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files Date: 2002-08-06

Posted Aug 6, 2002
Site cert.org

CERT Advisory CA-2002-25 - The Sun Microsystems XDR library contains overflows which lead to exploitable vulnerabilities in many applications. The xdr_array() function commonly used in RPC calls is the source of the vulnerabilities. Specific impacts reported include the ability to execute arbitrary code with root privileges (by exploiting dmispd, rpc.cmsd, or kadmind, for example). In addition, intruders who exploit the XDR overflow in MIT KRB5 kadmind may be able to gain control of a Key Distribution Center (KDC) and improperly authenticate to other services within a trusted Kerberos realm.

tags | overflow, arbitrary, root, vulnerability
advisories | CVE-2002-0391
SHA-256 | 209ab6a8dd466964ffdd192ca43c9244406693927eabbe8e3aa6da1189f63d36
FreeBSD Security Advisory 2002.37
Posted Aug 6, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:37 - Local users can cause a kernel panic using the kqueue system. If a pipe was created with the pipe(2) system call, and one end of the pipe was closed, registering an EVFILT_WRITE filter on the other end would cause a kernel panic.

tags | kernel, local
systems | freebsd
SHA-256 | 18ab150b52ce585a4c7a0ec2f65b535359a1e43a56079bd38c7a0cc792ed51b4
FreeBSD Security Advisory 2002.36
Posted Aug 6, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:36 - A denial of service vulnerability has been discovered in FreeBSD NFS. A part of the NFS server code charged with handling incoming RPC messages had an error which, when the server received a message with a zero-length payload, would cause it to reference the payload from the previous message, creating a loop in the message chain. This would later cause an infinite loop in a different part of the NFS server code which tried to traverse the chain.

tags | denial of service
systems | freebsd
SHA-256 | 4fdb16c1217014bf315623bd4cf8b0cb08cc40ca829261bc2ec12ae5ef0b4aae
FreeBSD Security Advisory 2002.35
Posted Aug 6, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:35 - FFS, the default FreeBSD filesystem has an overflow in the maximum permitted FFS file size which allows users to create files that are larger than FreeBSD's virtual memory system can handle. The integer overflows that result when such files are accessed can map filesystem metadata into the user file, permitting access to arbitrary filesystem blocks. The bug is encountered only on FFS filesystems with a block size of 16k or greater on the i386 architecture, or 32k or greater on the alpha architecture.

tags | overflow, arbitrary
systems | freebsd
SHA-256 | 5382dcd140d23381121af16e97a58b46adf01d26b3ac54205c8672080fc63de3
FreeBSD Security Advisory 2002.33
Posted Aug 6, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:33 - OpenSSL prior to v0.9.6e contains several remotely exploitable buffer overflows, including errors in the handling of the client master key in the SSL2 protocol implementation; the handling of the session ID in the SSL3 protocol; and in the handling of buffers used for representing integers in ASCII on 64-bit platforms. Disabling the SSL2 protocol in server applications should render server exploits harmless. There is no known workaround for client applications.

tags | overflow, protocol
systems | freebsd
SHA-256 | 83bbc8a0b3d5053c48708c3bfd3faa3d4dc05476ff101ba705ac7e26925b6084
Posted Aug 6, 2002
Site cert.org

CERT Advisory CA-2002-24 - OpenSSH was trojaned from July 30 to Aug 1, allowing remote attackers to execute commands over a port 6667 connection. Versions openssh-3.2.2p1.tar.gz, openssh-3.4.tgz, and openssh-3.4p1.tar.gz were replaced. In the future check the GPG signature.

tags | remote, trojan
SHA-256 | dcd06633f5934d1120c3dd07848d9d35cf05dfbc25e3740fd0398dd1ff480c2c
Nmap Scanning Utility 3.00
Posted Aug 6, 2002
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, SYN/FIN scanning using IP fragments to bypass firewalls, TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, uptime calculation, and Reverse-ident scanning. Most UNIX and Windows platforms are supported in both GUI and command-line modes, along with several popular handheld devices. Screenshot available here.

Changes: New stable release! Includes bug fixes and more fingerprints.
tags | tool, remote, udp, tcp, protocol, nmap
systems | windows, unix
SHA-256 | 459b1446eb6a3dc9546f653e6e2ccef38730c565359401d5438ab6c8f44dae74
Page 1 of 1

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By