all things security
Showing 1 - 18 of 18 RSS Feed

Files Date: 2011-12-27

FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
MD5 | 3f3e697e2ae19d73a5dbaaa61c9f7128
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
MD5 | 07e28abb4e87d4c9ebb11746c5dc884f
FreeBSD Security Advisory - named Denial Of Service
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.

tags | advisory, remote
systems | freebsd
advisories | CVE-2011-4313
MD5 | 202eb81ad3351bede6727b38f35e142f
GNUnet P2P Framework 0.9.1
Posted Dec 27, 2011
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This is a bugfix release. Noteworthy improvements include improved keyword extraction from filenames, a better heuristic for file-sharing content migration, and a significant traffic reduction for the network-size estimation protocol. The code now distinguishes between LAN and WAN for bandwidth consumption. Bugfixes include an increased FD_SETSIZE on W32, corrected struct alignment for network messages on W32, and fixes of various crashes (in the datastore, file-sharing, transport, ATS, and hostlist subsystems).
tags | tool, web, udp, tcp, peer2peer
systems | unix
MD5 | f5ff4c6a87e7b24047319af46113e5c3
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | df3483be59902af9d960ed7c9efe4867
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | 7aa2385971f6e137067fd55c0186a07b
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 146761052e316a2e6cf294bd0a5e15d1
Red Hat Security Advisory 2011-1852-02
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1852-02 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
MD5 | 6c7683b7125699ca46a48bf0b8ca0900
Red Hat Security Advisory 2011-1851-01
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1851-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third- party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
MD5 | 2b49cd0a86b3f8e834bce0b24f454126
tForum b0.915 Cross Site Scripting / SQL Injection
Posted Dec 27, 2011
Authored by snup

tForum version b0.915 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2815b4455fb5048356575e0ade707f21
Mandriva Linux Security Advisory 2011-194
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-194 - A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4599
MD5 | d448a8d685c1b530b35237c09c4c0266
Mandriva Linux Security Advisory 2011-193
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-193 - The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4096
MD5 | 204d6a758173cbebf5cd8a0870b4bb6f
VIOCAM Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

VIOCAM Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5ada7484ccaf85eaa23b68741b6d406a
Majalty Group Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

Majalty Group Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 574edd01d94841bbeddd18083ea48180
NIELD (Network Interface Events Logging Daemon) 0.21
Posted Dec 27, 2011
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.

Changes: This release adds a support of gretap interface, and minor bugfixes.
tags | tool, kernel, system logging
systems | linux, unix
MD5 | 95bae76fee42fcb530e388651fe54d84
phpMyAdmin Session Serialized Code Execution
Posted Dec 27, 2011
Authored by M4g

phpMyAdmin versions prior to 3.3.10.2 and 3.4.3.1 Session Serializer arbitrary PHP code execution exploit.

tags | exploit, arbitrary, php, code execution
MD5 | 42f574662157048cedc6e0301a3c992b
Installing I2p On Backtrack
Posted Dec 27, 2011
Authored by r45c4l

This is a detailed paper on how to install I2P on BT5 and configure it with some of the features.

tags | paper
MD5 | 45a87965b6d5e1cf2c6c03997f065ebe
Telnetd encrypt_keyid Remote Root
Posted Dec 27, 2011
Authored by NighterMan

Telnetd encrypt_keyid: remote foot function pointer overwrite exploit.

tags | exploit, remote
MD5 | 8a65985a8e9abfc3da988126222a0051
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close