Files Date: 2011-07-05

ISC BIND 9 Magic Packet Denial Of Service
Posted Jul 5, 2011
Site isc.org

A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers. Versions affected are 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1, 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1, 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, and 9.8.1b1.

tags | advisory, remote, denial of service
advisories | CVE-2011-2464
MD5 | 84c626afaf500eab35fe70eb924473f1
Debian Security Advisory 2272-1
Posted Jul 5, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2272-1 - It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-2464
MD5 | 611ba3051641dca737afe777d75a753f
Red Hat Security Advisory 2011-0920-01
Posted Jul 5, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0920-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2011-1526
MD5 | ce9e3b174aac2bfe752ab774c1f34bfb
Red Hat Security Advisory 2011-0919-01
Posted Jul 5, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0919-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to trigger a buffer overflow, allowing them to crash the guest or, possibly, escalate their privileges on the host. It was found that the virtio_queue_notify() function in qemu-kvm did not perform sufficient input validation on the value later used as an index into the array of virtqueues. An unprivileged guest user could use this flaw to crash the guest or, possibly, escalate their privileges on the host. Various other issues were also addressed.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2011-2212, CVE-2011-2512
MD5 | acfde0a8bb486c15526f139378b96744
Red Hat Security Advisory 2011-0918-01
Posted Jul 5, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0918-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect. Various other issues were also addressed.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2011-2192
MD5 | b89c4896430d9a6b02a256d23881edd8
Ubuntu Security Notice USN-1163-1
Posted Jul 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1163-1 - It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-2464
MD5 | 4b6ff23ad19b6adced57485110a4a018
Ubuntu Security Notice USN-1162-1
Posted Jul 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1162-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2011-0463, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1090, CVE-2011-1163, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022
MD5 | 80b92d9d06991549ea0d7aaf09ed86e4
Breaking The Links: Exploiting The Linker
Posted Jul 5, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

The recent discussion relating to insecure library loading on the Microsoft Windows platform provoked a significant amount of debate as to whether GNU/Linux and UNIX variants could be vulnerable to similar attacks. Whilst the general consensus of the Slashdot herd appeared to be that this was just another example of Microsoft doing things wrong, the author felt this was unfair and responded with a blog post that sought to highlight an example of where POSIX style linkers get things wrong. Based on the feedback received to that post, the author decided to investigate the issue a little further. This paper is an amalgamation of what was learnt.

tags | paper
systems | linux, windows, unix, osx
MD5 | c2e33de59c93dcc1dc48a0dd72ca382f
Defeating Data Execution Prevention And ASLR In Windows XP SP3
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more complicated. This document shows how these two features can be bypassed using different techniques.

tags | paper
systems | windows, xp
MD5 | a67067e8e0dae7f182a786213b30aed6
Structured Exception Handler Exploitation
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield in September 2003. At a high level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.

tags | paper, arbitrary
systems | windows
MD5 | f8f8b7c201e9c3aa447babcb07e1be73
Fake Malware And Virus Scanners
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.

tags | paper, virus
MD5 | 3916443ae896ac2816609b594d4e3753
Potential Dangers Of Active-X Attacks
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting Active-X component vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.

tags | paper, vulnerability, activex
systems | windows
MD5 | 322c439a1fbf4f023f91e7544f8195a6
Client-Side Threats - Anatomy Of Reverse Trojan Attacks
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

tags | paper, trojan, vulnerability, virus
MD5 | 36054688bba7ebe7679c2a7ea52cb023
Apple Security Advisory 2011-06-28-2
Posted Jul 5, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-06-28-2 - Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873
MD5 | 051b523c3d7e7b146dec250349b8e546
FlatPress 0.1010.1 Cross Site Scripting
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

FlatPress version 0.1010.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9833d703138e8223ce504613f90b73ce
CoolPlayer 2.19 Buffer Overflow
Posted Jul 5, 2011
Authored by X-h4ck

CoolPlayer version 2.19 buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
MD5 | d0bc7f637aa0f47bfb5b7bcac7457200
a-Tech SQL Injection
Posted Jul 5, 2011
Authored by Bl4ck.Viper

a-Tech suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a67132e1003c3e1c025a2fe92ae3fe33
Open-Realty 3.1.5 Cross Site Scripting / SQL Injection
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Open-Realty version 3.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2613658fef50e6379d10e2321b65f59a
Apple Mac OS X ImageIO TIFF Integer Overflow
Posted Jul 5, 2011
Authored by Dominic Chell | Site ngssoftware.com

A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.

tags | advisory, overflow
MD5 | ebacce41108e8b62e23fc00b6957ffc9
Mac OS X 10.6.6 Camera Raw Library Memory Corruption
Posted Jul 5, 2011
Authored by Paul Harrington | Site ngssecure.com

A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files both in the Preview.app application and via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 is affected.

tags | advisory
systems | apple, osx
MD5 | a3df8ed8ad4297d108242b84f54bf029
Cisco VPN Client Privilege Escalation
Posted Jul 5, 2011
Authored by Gavin Jones | Site ngssecure.com

The 64 Bit Cisco VPN Client for Windows 7 is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.

tags | advisory, local
systems | cisco, windows, 7
MD5 | 6f571c29575fc6937d4b8ca7e57c2d22
Apple Mac OS X ImageIO TIFF Heap Overflow
Posted Jul 5, 2011
Authored by Dominic Chell | Site ngssoftware.com

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2011-0204
MD5 | 3d46aea459b5efd1a280dde2c0201cc3
Adobe Reader 5.1 XFDF Buffer Overflow
Posted Jul 5, 2011
Authored by extraexploit

Adobe Reader version 5.1 XFDF buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2004-0194
MD5 | 8eb53369da32eccdb8c5b8a67f5e5b5a
Word Builder 1.0 (DIC File) Stack Buffer Overflow
Posted Jul 5, 2011
Authored by James Fitts, h1ch4m | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Word Builder 1.0. An attacker must send the file to the victim and the victim must open the file.

tags | exploit, overflow
MD5 | 8b2decacb385a51cc1f4731dba3f033f
WordTrainer v3.0 (ORD File) Stack Buffer Overflow
Posted Jul 5, 2011
Authored by James Fitts, C4SS!0 G0M3S | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in WordTrainer v3.0. An attacker must send the file to the victim and the victim must open the file.

tags | exploit, overflow
MD5 | 91922f12518d1931de6138babb9ec1cc