what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

Files Date: 2011-11-27

Stunnel SSL Wrapper 4.48
Posted Nov 27, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: FIPS-compliant OpenSSL DLLs are supplied with the Windows installer. FIPS mode can be disabled with the "fips = no" configuration file option. The stability of the Windows GUI was also improved.
tags | tool, arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | b2f4dddfb3415d42bf4ed8f1feb7af19
John The Ripper 1.7.9
Posted Nov 27, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: OpenMP parallelization of MD5-crypt and bitslice DES has been added. DES key setup has been reworked. x86-64 assembly code for DES S-boxes has been optimized. Support for DES-based tripcodes has been added. Larger hash table sizes for faster processing of millions of hashes per salt have been added. Detection of Intel AVX and AMD XOP with fallback to an alternate program binary has been added. Fallback to a non-OpenMP build has been added. A benchmark result comparison tool has been added. The bundled common passwords list has been updated. Many minor enhancements and a few bugfixes were made.
tags | tool, cracker
systems | windows, unix, beos
MD5 | 2b448547109db3777d8068145ea69ddf
Mandriva Linux Security Advisory 2011-179
Posted Nov 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, local
systems | linux, osx, mandriva
advisories | CVE-2011-1089, CVE-2011-1659, CVE-2011-2483
MD5 | f4a5883b938edc452a314e4c2ec2e3df
Debian Security Advisory 2353-1
Posted Nov 27, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2353-1 - David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-3581
MD5 | 98b90915493248af32ee4769020b4f94
ARP Toxin Cache Poisoner
Posted Nov 27, 2011
Authored by infodox

ARP Toxin is a simple Perl script designed to ARP poison a host on the LAN. It uses Nemesis as a packet crafting tool to create and send the ARP packets. It is NOT original code, merely a slightly improved version of the sample arpredirect script from the book "Hacking: The Art of Exploitation". This variant allows one to set their own poisoning interval and interface to poison on.

tags | tool, perl
systems | unix
MD5 | e92c2a88da193a2857879d6593066017
Titan FTP Server 8.40 Denial Of Service
Posted Nov 27, 2011
Authored by Houssam Sahli

Titan FTP Server version 8.40 suffers from a denial of service condition that leads to a kernel crash.

tags | exploit, denial of service, kernel
MD5 | 67145855a6ec2d806a6823307f2f936c
PHP Video Script SQL Injection
Posted Nov 27, 2011
Authored by longrifle0x

PHP Video Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | c503ed4faecdb504a93219a7b5bcc857
#breaking80211 Whitepaper
Posted Nov 27, 2011
Authored by Aetsu

This whitepaper goes into detail on how to break 802.11 detailing the various attack methodologies and tools needed to perform the attacks. Written in Spanish.

tags | paper
MD5 | 030b8153f8f76e124ea858589fa63108
Ubuntu Security Notice USN-1281-1
Posted Nov 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-2183, CVE-2011-2479, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2517, CVE-2011-2905, CVE-2011-2909, CVE-2011-3363
MD5 | aecce7ab016e9e29fd83a81e5038ab8d
Page 1 of 1

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By