Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
e6447d4842b6e3c1dad9bc8268edb9d3c08ff57486dc37dcdd5f2c4f90eae031Tatsuo Sekine has reported a vulnerability in Fedora, which can be exploited locally to increase privileges via a file race condition.
b37540bb077cfdff9b2923cb16f524415a038f569af71f7ffcf0548e53efad9cMozilla and Firefox are susceptible to a couple of flaws that allow for remote code execution under the guise of the local zone.
91aed3631daa564efb231ee3fd4a66218ac72fd75cfc8bcf98ec0c7ca75996bbWhite paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
e3b3b4f30a2a0648c126c82e8737baf56f8691cabd9319b9cf8a4dd23890ba6fPhrack Magazine Issue 62 - In this issue: Bypassing Win BO Protection, Kernel Mode Backdoor for NT, Advances in Windows Shellcode, UTF8 Shellcode, Attacking Apache Modules, Radio Hacking, Win32 Portable Userland Rootkit, Bypassing Windows Personal Firewalls, A DynamicPolyalphabeticSubstitutionCipher, and more.
ce5a1cdbcd88fe8e1bdaebec9d5a15714f8d4c25d94312740b9f0e86ad2f877ciDEFENSE Security Advisory 07.08.04: Exploitation of a buffer overflow vulnerability in Adobe Reader 6.0 could allow remote attackers to execute arbitrary code.
383f49d320c1476f969425a1c81ec1d0967ef361ec302931087af4274d7646ebiDEFENSE Security Advisory 07.09.04: The wv library has been found to contain a buffer overflow condition that can be exploited through a specially crafted document.
8e6f42ccaddef8a6b4007bf499d26f516872c7ced4979868d2e3839a3fa4ce4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed