exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2011-12-28

Mandriva Linux Security Advisory 2011-196
Posted Dec 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-196 - ipmievd as used in the ipmitool package uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. In Mandriva the ipmievd daemon from the ipmitool package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-4339
SHA-256 | e7ceb452eacf5294054577ed0e7859c33ab09a7e6112efc684299aa6865ac1a1
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
SHA-256 | 5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
MIT krb5 Security Advisory 2011-008
Posted Dec 28, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-008 - The telnet daemon (telnetd) in MIT krb5 (and in krb5-appl after the applications were moved to a separate distribution for krb5-1.8) is vulnerable to a buffer overflow. The flaw does not require authentication to exploit. Exploit code is reported to be actively used in the wild.

tags | advisory, overflow
advisories | CVE-2011-4862
SHA-256 | 94f4852b4ef0d480fd44f6fff8a1a449daff42441b00c788d6970db82695afc2
Mandriva Linux Security Advisory 2011-195
Posted Dec 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-195 - A vulnerability has been discovered and corrected in krb5-appl, heimdal and netkit-telnet. An unauthenticated remote attacker can cause a buffer overflow and probably execute arbitrary code with the privileges of the telnet daemon. In Mandriva the telnetd daemon from the netkit-telnet-server package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4862
SHA-256 | 088c8d790f512be759b35321724ad47890342945dbacb0e3d9083cc426187e2c
DoS Attacks And Mitigation Techniques
Posted Dec 28, 2011
Authored by Subramani Rao

Whitepaper called Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. Unlike other theoretical studies, this paper lays down the steps involved in implementing these attacks in real time networks. These real time attacks are measured and analyzed using network traffic monitors. In addition to that, this project also details various defense strategies that could be enabled on Cisco routers in order to mitigate these attacks. The detection and mitigation mechanisms designed here are effective for small network topologies and can also be extended to analogous large domains.

tags | paper, denial of service
systems | cisco
SHA-256 | f1811013d7d890533de92c4b33eb002cc4aea6e5e46e851c9ffe27c39fa5f389
FreeBSD Security Advisory - pam_start() Improper Validation
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | freebsd
advisories | CVE-2011-4122
SHA-256 | 685c68cd0d879191a8f6e9dd16fb3ba8d2d61b100f23301bbe8d7f9cde467b5e
FreeBSD Security Advisory - pam_ssh Improper Access Grant
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.

tags | advisory
systems | freebsd
SHA-256 | 3f9adbe4371e9a27a25b335c20511c3b4a8582a5127ca9a55c06862e006c1268
Plone and Zope Remote CMD Injection Exploit
Posted Dec 28, 2011
Authored by TecR0c, Nick Miles, Plone Security team | Site metasploit.com

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

tags | exploit, remote, arbitrary, python
advisories | CVE-2011-3587
SHA-256 | d488e05390fc02274354b9eb2deb35cb28a9702082aeccf1b3d64435758ea353
Linux BSD-derived Telnet Service Encyption Key ID Buffer Overflow
Posted Dec 28, 2011
Site metasploit.com

This Metasploit module exploits a buffer overflow in the encryption option handler of the Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions use NetKit-derived telnet daemons, so this flaw only applies to a small subset of Linux systems running telnetd.

tags | exploit, overflow
systems | linux, bsd
advisories | CVE-2011-4862
SHA-256 | bb350fce364cccea32d543a818c1ec5ccbfecf4e11c746fbe8c7d8b76c2cfd89
FreeBSD Telnet Service Encyption Key ID Buffer Overflow
Posted Dec 28, 2011
Site metasploit.com

This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.

tags | exploit, overflow
systems | freebsd
advisories | CVE-2011-4862
SHA-256 | 5c027aef49c6a33044ddd945cfc6d9db2dfdaac94f49b241b9d556902a49848a
Secunia Security Advisory 47348
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Kerberos, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | acded041cda02e4e3d59b3cde944830d45625de300c6fee114da710417fc54c3
Secunia Security Advisory 47328
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Mailing List plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | a4a45f784900f393ec9b67aa538aa4764438ec5b192357bff7d03aa0455f883f
Secunia Security Advisory 47342
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | b0dfdc798a5c9dccb21e03e20faf64ada3a91aae607a956c6991127856f5fc86
Secunia Security Advisory 47375
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AirOS, which can be exploited by malicious people to bypass certain security features.

tags | advisory
SHA-256 | 13ccb23946e03420bb12718ff2bd98f6dafb4049ce6affb6dc4a973e65302c8b
Secunia Security Advisory 47341
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for krb5 and krb5-appl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, debian
SHA-256 | 7d83aa6c255db315344a341862eb0c3d82513e47db652e0e8ba8145e7563e3dc
Secunia Security Advisory 47403
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AirOS, which can be exploited by malicious people to bypass certain security features.

tags | advisory
SHA-256 | 8279c69737b4f8fae1c664728d54eb21e6679334bad5d43630e2c56349cd3f66
Secunia Security Advisory 47367
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Francois Harvey has discovered a vulnerability in vtiger CRM, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 9e2160a497daaa7c509714a388c2909ccc36e0786d8ca689bc24b6574c52a8e9
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close