Network Associates Security Advisory - Remote Vulnerability in the MMDF SMTP Daemon. A bug in MMDF allows anyone to obtain mail management privileges via the SMTP daemon, and then root. All versions of MMDF prior to 2.43 are vulnerable, including the version included with SCO Openserver.
f2dea4a97da484464ee6e817e263cac11e46e2e3609a0b08a5ca3d921c508355ISIC - 0.05 (IP Stack Integrity Check). Crafts random packets and launches them. Can fix or randomize source/dest IP's and Ports. You can specify the percentage of packets to fragment, to have IP options, to have bad IP versions.... Just about every field can be automagically twiddled. It contains distinct programs for TCP, UDP, ICMP, IP with a randomized protocol field and a program for randomized raw ethernet frames. Compiles and should work using Libnet under OpenBSD, Solaris, Linux and FreeBSD.
78c7539b7de1f443ad0733aae617651355575721464987aa3ba08695eb41d58aDvst8er.bx version 3.5 - BitchX module to encrypt IRC conversations.
32eb36236930a4cb5a0b01471a782bb081d0f137ff2cc078e7b1b3e956ba7426Windows Security Alert - Two new risks were reported today: Microsoft reported a problem with its Systems Management Server 2.0 that allows an intruder to gain elevated privileges on the system and network, and Georgi Guninski reported a problem with WordPad that may allow unwanted code to execute on the desktop. According to the report, an exploit can be launched using a Web page and IE. Microsoft is aware of the problem, however no official response was known at the time of this writing.
1bfd8eb16760dc1a28c84405f40d0590d9e886eafe4097b331c98342b2e097f2Windows Security Update - February 23, 2000. In this issue: Internet Information Server 4.0 Denial of Service, Windows Autorun.inf Vulnerability, Site Server Commerce User Input Unvalidated, Microsoft Java Virtual Machine Exposes User Files, Windows 2000 Professional Exposes System During Installation, Internet Explorer Exposes Users' Files, Zombie Zapper Helps Shut Down DDoS Attacks, How to Defend Against DoS Attacks, Novell Firewall for NT, SurfinShield Censors Hostile Code, Security for E-Business Documents, Malicious Code Protection Software, and Why Intruders Control Internet Insurance.
ff10183cd7167c4eb30e3a325f9675ee8c2fe21c8defa6a3de1759acf5ab6432Microsoft has released a patch for a vulnerability in Windows Media Services. The vulnerability allows denial of service attacks against a streaming media server. Microsoft FAQ on this issue available here.
d832904d0d88fe9603f93beb52147c755b99286f2ceda68be6dc04a440ce6bddSecurity Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.
1588e920c9fc1c52a983d51eea4ec9c15c628f001e4efc6b8f77a739b63c8010Links to local files can be used to subvert restricted access Windows machines which have access to a web browser. Executable program loggers and restrictions are defeated by using .CPLs. Large problems for network administrators could arise if students and employees, whose access was restricted, start to use the links provided on the document. This one can be used for Windows NT as well.
234de534de460ff560d2c4e10ffc29836b4a4bf3e212c709391e5f346aad8352HAVOC is a random ARP traffic generator which will temporarily hose your ethernet segment.
e5c6da7e285549a3ca48d9c4a8ebfc7703a5fe454264966591225bdb240edc17This makes the same thing with "kiss of death". It crashes TCP stack of win98 boxes. An essential tool for all. Now it cames with parameter support and better performance with multi-thread system. Windows based executable for IGMP DoS attack.
81d6d49b1b77cbe5fcbb5b9901c647fe01da65305f93a654c0afe9fb4f64bea2Remote vulnerabilies in the popular free email software Outblaze
5df78eeac0f105290b292936d7e3625d27b887b8dc7cbd37aa936f63bb2db1d7Easy to understarnd text file explaining the TCP flags.
1c030f8e8e4c7160a326685f5b35462c47bc4ebc8fda48ecb0cd8500baa9ac8dEthFw is an ethernet firewall for the FreeBSD kernel. It consists of a kernel patch and a console application for configuring rules. It can be used to accept or deny mac addresses.
0206854d01f72c2e010a9ed9a4029cbdd0d35fa013cbc4ff035a646510647e15Debian 2.1 local exploit - A vulnerability exists in the apcd package shipped with Debian 2.1.
20e0a1a9330cb3eb2152bce084249704d36e1eadd4f26b6d3b357b6c99c71410An optional third-party port distributed with FreeBSD (Delegate) contains numerous remotely-exploitable buffer overflows which allow an attacker to execute arbitrary commands on the local system, typically as the 'nobody' user.
2349a26a318c7b3033748205014c57ea922b76e6da69a25737073b424924a0e0Two optional third-party ports distributed with FreeBSD (Asmon/Ascpu) can be used to execute commands with elevated privileges, specifically setgid kmem privileges. This may lead to a local root compromise.
2b675c143290527b89a549402414df4e6071bfdc3af5dd1a27f5c99d9440c401Windows Security Digest Update - Two risks were discovered: Microsoft reported a problem with its Internet Explorer version 4.x and 5.x that may expose files on a user's system with their permission, and a problem with Win2K Professional that may allow an intruder to gain Administrator access to the system in a particular window of time during the installation process.
9f9ab027f4b3eadea188d3b79b4b9f96c5bcbd0b91aa9a7a06d1aa4d132f2c6bView RAS passwords (locally) on a Win 9X box.
a9db317d2f40d7b939832ae65878c53366c226fd9548dda416333efe0f13d6f9Paper explaining man-in-the-middle attacks, using a secure web connection as an example.
e133e7778ec82962f986820746e4d99c549bec2941a5f9f34c67ad18059944a3slipwire.pl is a filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes. slipwire also records extensive file information such as inode number, last-modified date, filesize, uid, gid, etc, and can also report changes in any of these.
ec9858bdaf36e5e60ef17b7ed94935257559bad4767aa8e9115fdc554b149fceasmon.sh - A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Local root overflow. FreeBSD 3.4, 3.3, 3.2, 3.1, and 3.0 are affected.
911f207a0f8d6a25d7a509d2f1e665dc06ececed17e36c50b885d1c48567b0d3Solaris (x86/7.0/2.6) local exploit for Sun's WorkShop 5.0 compilers and other products which use the FlexLM license management system.
36f48483c510695fffacc84e31f2a1eb85905b9dce7b7b3fd7e17098fbb11263Microsoft has released a patch for a vulnerability in an installation routine associated with Microsoft Systems Management Server (SMS). The vulnerability allows a user to gain elevated privileges on the local machine. Microsoft FAQ on this issue here.
46397ae9044894ea6dd2a0ed3e42942ee9a30ebf6bcd52009563b5d7bc758584A little mail-like 'smurf' that uses mail relays instead of broadcasts.
126ffdb072440ea199f8c3cf4a9f678df92c6ea8c85fdced2af0b70874d3668bSome code I put together to do some testing on the POP3 daemons on some machines installed at work. Attempts to overflow user/password variables.
66d36de7633bd79a74baa7b18fea4a59b9256c0aeee7c3c1b4c4794f411d831b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed