SuSE Security Advisory SuSE-SA:2002:033 - SuSE Linux warns its users about several packages that were statically linked against vulnerable OpenSSL libraries. The affected packages are mod_ssl, sendmail-tls, openssh and freeswan.
6b94b19199a9b179d3322e3c41060547982cff8e5dde5d7eace93f5e6e6e2eebEntropy Gathering And Distribution System (EGADS) 0.9.5 is a system service and library for providing secure random numbers. It contains an implementation of the TINY pseudo-random number generator and the Tiny entropy gateway. Tiny is an evolution of Yarrow, and was designed by John Kelsey (an original designer of Yarrow) and John Viega. EGADS provides the same kind of functionality as /dev/random and /dev/urandom on Linux/Unix and runs as a service on Window systems.
226bd0bf825c9f077b781f3229ca076542e92c9dc078387c4b41c0770081fcb1nbtstat is a NetBIOS name lookup tool. This tool provides similar functionality as the nbtstat package by Todd Sabin.
631d06ed5ab62c8e09176aacdd3b3916bedf336095ec0c415116bb6ae0ceb738Linux proof of concept exploit for a local buffer overflow in GNU Awk 3.1.0-x.
f62fd32136729fe65cb7f634394e8934f10a695c31a7af7773e53edb7313938dCompress v4.2.4 local test exploit for Linux systems.
318d7c70b2f38ab00a126f8d8729d585057a31c6d27afedab4e35dbadedd86bcWindows exploit for the SphereServer Ultima Online Roleplay Server v0.5x for Linux, FreeBSD, and Win32 which runs on tcp port 2593 and contains a denial of service vulnerability.
a64dae8c58f0d75a11ad1e08404fc73668bcf42f4df4deefbba515c05aae8215Qstat 2.5b local root exploit for Linux. Tested on Debian GNU/Linux (Woody). Since Qstat is not SUID by default this script is not useful for gaining more access to a linux system.
0d005a95b831a74d01a12035f653c2f4e07221122ab18b3bb24edc23fa876100The Cisco SIP-based IP Phone 7960 contains severe vulnerabilities which allow complete control of a user's credentials; total subversion of a user's settings for the IP Telephony network, and the ability to subvert the entire IP Telephony environment. Malicious access to a user's credentials enables "Call Hijacking", "Registration Hijacking", "Call Tracking", and other voice related attacks.
775d0f76b0e61116c24faadb64e4e6d7c65c070d2fdff3244d75ff800336571fGuardeonic Solutions Security Advisory #02-2002 - The DB4Web application server can be used by remote users to open TCP connections to other hosts. This could be use to bounce a portscan.
d09008dae34e77a5600c238038da596ba939b99f2cacbf25ee3d07895dfcbfa0Guardeonic Solutions Security Advisory #01-2002 - The DB4Web Application Server for Linux, Unix, and Windows can be accessed with malicious URLs allowing users to download any readable file on the server. Exploit URL's included.
97fbf379d789be0c379499bd4276220c2b084d6420f0cbae8ecd29fc7fb1cee7A malicious user can issue a malformed HTTP request and cause the IBM Websphere webserver v4.0.3 and below to crash. Tested against Windows 2000 Server. Patch available here.
73edcf7610e2a16e3516da49227b994a97becdd7d1f75b60517877ec6095d46eStenographied File Transfer Using Posix File Locks - How to transfer information to other users on secure systems by communicating with locked files. Includes some sample code that uses 32 locked files to transfer data on Posix systems.
946de361a7741cef70570cb8e2a840356929f865101a429898f20fd3d294b852Exploit for the PRIVMESG remote denial of service vulnerability that exists in Trillian v.73 and .74 which sends an overflow in the ident connection. Compiles on Unix based OS's.
94990303975887d9eb08dd573d347b40982b8656ef24da60ab7988959f5e4e9bJohn the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well. This is the current development version which offers significant performance improvements over the 1.6 release, but no documentation and charset files are provided, and more testing is needed.
3a058143eaf395e394f2e549b989d25f8028e9d5ad8875b46c31d99be6ecbb89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed