Uninformed is pleased to announce the release of its sixth volume. This volume includes 3 articles on reverse engineering and exploitation technology: Engineering in Reverse: Subverting PatchGuard Version 2; Engineering in Reverse: Locreate: An Anagram for Relocate; and Exploitation Technology: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows. PDFs of all articles and related code are included in this tarball.
77ce1bc8aec65cc4a56356bef955197cab0127a53332ee6046b934865b61016f
Mandriva Linux Security Advisory - Fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
9ae09d57d9ff020d864b9569e5e17e2aea52648d89cd2e3b9c47ad4148760743
Mandriva Linux Security Advisory - SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the second or third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
4180b3cd621c2af8f68cb6c5a6db1d83b0ba017cc150b6ba8ebb8560e34ecd00
Mandriva Linux Security Advisory - hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
a2153161375c85054b2a297202b2fcf5ecab050726d6e7fa45843826bc04e926
Gentoo Linux Security Advisory GLSA 200701-10 - When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in wp-login.php based upon whether or not a user exists. David Kierznowski has discovered that WordPress fails to properly sanitize recent file information in /wp-admin/templates.php before sending that information to a browser. Versions less than 2.0.6 are affected.
34d7811644496094a6c2edd78e8abb4236900b727cb2a882654ec92cd37f45d0
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
98f5d6e5a7a64acc331add2e90596b43b28c32d0427c68c52bbea20a8ac79aae
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
e8e5c1a42f50d0f03956b41bf1c59ba561b1b34b46407fe8f71b1df6c0b23d6b
Debian Security Advisory 1249-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service.
ed5d69ac62299e4332a836ee6f8b8eb2430a4754a55340e4c65197ed22882f54
TFTPDWIN version 0.4.2 remote buffer overflow exploit.
e724fe199ca4d5e5a07bb6f90f052bc00ca8afcef913ba5252f577b1d730625d
Mercur Messaging 2005 IMAP remote buffer overflow exploit.
649b1fde3c13ae9c52cbaf05b122cbce2c70938b002e95398d2969941beb60c1
KGB versions 1.9 and below local file inclusion exploit that makes use of sesskglogadmin.php.
8fd9be6f9157e3b2d3cd4d5abe0b1a4335159f2899aff72be8ebfeacbdb7ee00
Kaspersky Antivirus version 6.0 local privilege escalation exploit.
0ee25edafeac4992843e0e61d1ebbd53e92782b9e400cda1b22adb5b293b1336
Gentoo Linux Security Advisory GLSA 200701-09 - By specifying an unsupported address family in the arguments to a LPRT or LPASV command, an assertion in oftpd will cause the daemon to abort. Versions less than 0.3.7-r3 are affected.
ef53f91d6a7b1104a098f8055a68effccfa5d3bcb56b5ca6f79cd36da9f4a3bc
A self-protection bypass flaw exists in Outpost Firewall PRO 4.0.
44ee0d70984d6bd9e8c3c0843c736d1b59d27e20f90e5834ce3c05f717480280
Demonstration exploit code for a self-protection bypass flaw that exists in Outpost Firewall PRO 4.0.
f8d92e16dd5182d877773729fadd8b36131a15097314c886a3aecef90393eb14
Ubuntu Security Notice 409-1 - Federico L. Bossi Bonin discovered a Denial of Service vulnerability in ksirc. By sending a special response packet, a malicious IRC server could crash ksirc.
a055491065ea57f4b04c1ced3f58041f349e3f872ae274f4be0a15d5fe648853
Ubuntu Security Notice 408-1 - The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By making specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.
e079b7c7e47961cfa7ff2d1f16f02981d8f6e75fcf8965a3c0ce46723b5c0d19
Remedy Action Request System 5.01.02 Patch 1267 suffers from a user enumeration flaw.
c91485e8cd570f655024b88b05b5b416846fdf3d0c5163d1c561286d9a1907f4
Okul Web Otomasyon Sistemi suffers from a SQL injection vulnerability.
47a4e0f2901ef6e13d17d86cbf36f3f79a7072f8ffdb33fbe74c86c3a8333c7d
Ubuntu Security Notice 407-1 - Liu Qishuai discovered a buffer overflow in the /proc parsing routines in libgtop. By creating and running a process in a specially crafted long path and tricking a user into running gnome-system-monitor, an attacker could exploit this to execute arbitrary code with the user's privileges.
e49b9c73115df920c7d5ebf0e8cb10f2139db11ddbfee899f0f6a00cbbf7c718
New Oracle Security Paper - How to secure Oracle passwords from rainbow tables and new password cracking patches. Also includes a free audit tool called OraBrute to brute-force SYS AS SYSDBA in order to check that it has been secured. Unfortunately, by default it is not, but it can be secured by following this paper's recommendations.
d01676e8a88e2d6cb26473a80fe847d360a18ce0fbd1a995aafac93055168522
Rixstep arbitrary file overwrite exploit.
9eccd9f6dbf175ad8c92a11eec4ec5a4f5a636c5041c9cd9055c82b5272d114e
InstantForum.NET software suffers from cross site scripting vulnerabilities.
a9b9988870599cedd07c45eec8acea3df97550383969d1264ea4e50742c8196f
Jax Petition Book suffers from remote file inclusion vulnerabilities.
9b42b3b3cfe94c714c9dd6af4bdb4c8559d623a5ff9a1d79eb73f54ba67e79e0
wcSimple Poll allows for a direct download of the system password.
8e4a72d51348e823a4d46315d5353c268eaeda5c471b1e97131f65f4ddfc412c