Twenty Year Anniversary
Showing 1 - 18 of 18 RSS Feed

Files Date: 2011-12-27

FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
MD5 | 3f3e697e2ae19d73a5dbaaa61c9f7128
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
MD5 | 07e28abb4e87d4c9ebb11746c5dc884f
FreeBSD Security Advisory - named Denial Of Service
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.

tags | advisory, remote
systems | freebsd
advisories | CVE-2011-4313
MD5 | 202eb81ad3351bede6727b38f35e142f
GNUnet P2P Framework 0.9.1
Posted Dec 27, 2011
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This is a bugfix release. Noteworthy improvements include improved keyword extraction from filenames, a better heuristic for file-sharing content migration, and a significant traffic reduction for the network-size estimation protocol. The code now distinguishes between LAN and WAN for bandwidth consumption. Bugfixes include an increased FD_SETSIZE on W32, corrected struct alignment for network messages on W32, and fixes of various crashes (in the datastore, file-sharing, transport, ATS, and hostlist subsystems).
tags | tool, web, udp, tcp, peer2peer
systems | unix
MD5 | f5ff4c6a87e7b24047319af46113e5c3
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | df3483be59902af9d960ed7c9efe4867
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | 7aa2385971f6e137067fd55c0186a07b
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 146761052e316a2e6cf294bd0a5e15d1
Red Hat Security Advisory 2011-1852-02
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1852-02 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
MD5 | 6c7683b7125699ca46a48bf0b8ca0900
Red Hat Security Advisory 2011-1851-01
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1851-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third- party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
MD5 | 2b49cd0a86b3f8e834bce0b24f454126
tForum b0.915 Cross Site Scripting / SQL Injection
Posted Dec 27, 2011
Authored by snup

tForum version b0.915 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2815b4455fb5048356575e0ade707f21
Mandriva Linux Security Advisory 2011-194
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-194 - A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4599
MD5 | d448a8d685c1b530b35237c09c4c0266
Mandriva Linux Security Advisory 2011-193
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-193 - The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4096
MD5 | 204d6a758173cbebf5cd8a0870b4bb6f
VIOCAM Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

VIOCAM Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5ada7484ccaf85eaa23b68741b6d406a
Majalty Group Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

Majalty Group Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 574edd01d94841bbeddd18083ea48180
NIELD (Network Interface Events Logging Daemon) 0.21
Posted Dec 27, 2011
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.

Changes: This release adds a support of gretap interface, and minor bugfixes.
tags | tool, kernel, system logging
systems | linux, unix
MD5 | 95bae76fee42fcb530e388651fe54d84
phpMyAdmin Session Serialized Code Execution
Posted Dec 27, 2011
Authored by M4g

phpMyAdmin versions prior to 3.3.10.2 and 3.4.3.1 Session Serializer arbitrary PHP code execution exploit.

tags | exploit, arbitrary, php, code execution
MD5 | 42f574662157048cedc6e0301a3c992b
Installing I2p On Backtrack
Posted Dec 27, 2011
Authored by r45c4l

This is a detailed paper on how to install I2P on BT5 and configure it with some of the features.

tags | paper
MD5 | 45a87965b6d5e1cf2c6c03997f065ebe
Telnetd encrypt_keyid Remote Root
Posted Dec 27, 2011
Authored by NighterMan

Telnetd encrypt_keyid: remote foot function pointer overwrite exploit.

tags | exploit, remote
MD5 | 8a65985a8e9abfc3da988126222a0051
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close