USSR Advisory #41 - HP Web JetAdmin web interface server directory traversal vulnerability. HP Web JetAdmin Version 5.6 for Windows NT and 2000 (tcp port 8000) allows an attacker to read any file outside of the intended web-published filesystem directory. Exploit URL included.
34a2c44b058e084b3e456e3f6fa27bcde80cc025fec19e5da65ab6189b9027a1
Ping Analysis Tool II (PAT) performs ICMP echo scans on a range of IP addresses as fast as physically possible. Features a dual-threaded scanning process and allows you to scan from a list of IPs.
8439bbaf530edef8540c0a91d5e8db14e343611eef1a9c0d9de2ea4f516e736e
SAINT is the Security Administrator's Integrated Network Tool. It gathers as much information about remote hosts and networks as possible by examining all network services and potential security flaws. The collected data can then be analyzed using a simple rules-based system (or via other included interfaces). In Exploratory Mode, SAINT will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts.
a11fb20b7483f408d30ebabbfbf9d4fa739174d8f83dcd85e0c9d975b5737093
There is a remote denial of service exploit against tcpdump. Tcpdump interprets UDP packets on port 53 as DNS traffic; however, domain names in DNS packets use a compression scheme that jumps to a particular offset in the packet to avoid repeating the same labels. If a packet has the offset set to a particular location and the program decompressing the domain name has no strategy for avoiding infinite loops, tcpdump may fall into an infinite loop.
3cb11869215cdb4a624ad46e732b853b543df65c25669d3daa61fa3108233ad0
Simpsons CGI Scanner v1.1 - Windows based CGI / web server vulnerability scanner with a Simpsons theme. Tested on Windows 95/98/2000/NT. Allows use of your own CGI database.
eccab2ea264b74d35a86a8974f46766f2f878add00bf8ca13d7e4f6fff37b1bb
BufferOverflow Security Advisory #5 - Remote shell via Qpopper2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
3b9258be6be245c764411f6a0fb9887e6d3353efa7d0f966e6a4b94561a41ad0
Cisco IOS Router DoS attack via a specially formatted web GET request.
46a1c083fa6d3a214e4d19120ba7ff3d0e614a13e73bbee75c39e927cf55ca4e
Cisco Auditing Tool - Perl script which scans Cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts.
83f0404b49b0651b5b06b1a0938a579429b8de76f749a2b92532493f0ecbdcfc
Anti-spoofing LKM for OpenBSD via setsockopt() - detects and logs IP header manipulation.
fca4eaa52977935a2efb9a116a709ae0a74a82aa8047fb6d7c04baf8fddfd9e4
socket-dos.c is a local ssh-1.2.27 exploit which creates a UNIX domain socket with an arbitrary file name anywhere in the filesystem on some machines.
7bdb442b497c168920cf7dcefe4563db3d8741d098266c65dd84c6cadc0ad94a
CRYPTO-GRAM May 15, 2000. In this issue: More on Microsoft Kerberos, Trusted Client Software, ILOVEYOU Virus, Computer Security: Will We Ever Learn?, Counterpane Internet Security News, and the Cybercrime Treaty.
42d10ab0dec9914d8b3833d78c6cbc4a2c76fc43734f36d7457fdc1d684c3a08
Sniffit 0.3.7Beta Remote Exploit - sniffit has to be running with the -L mail flag set for this to work. Tested on RedHat 6.0.
b573a5413280903555b0ee0798458bf852149647ac3a38ccab820bebcba4ba44
Total obscurity for BPF Promisc Mode. OpenBSD Port.
4075e9176076c0914106ea44b5e66b037da9891ef3eb9c883807688ff1af19b2
killsentry.c shows that automatic firewalling is a bad idea by sending spoofed FIN packets from different hosts in an attempt to confuse Portsentry. Tested on FreeBSD 3.2.
53c616376a8cf4e338ec21587c689c67facb4791006565268125022e9ce67769
cisconuke.c reboots Cisco routers which have the web-server interface open by sending invalid data to port 80.
331f4fdea18bb2834318576aef12a0dbaa6325ac46b29b1e080265dea8743c64
Ascend remote denial of service - Upon receiving a packet with non-zero length TCP offsets, Ascend terminal servers will crash. Linux based exploit included.
1c9d5ce7aadfbcbc5a0f59fb1a4d4366d8f996bd3022ebe70ecda1d75003f9cf
induce-arp.pl is a working remote OS detection program which uses ARP fingerprinting. By inducing ARP requests it is possible to guess the OS of other machines on your local network. Since ARP is a broadcast protocol, this is effective in switched networks as well. Includes an HTML document explaining the ARP-based stack fingerprinting process.
ca96f7b1a22f95beefe6a08395853df01380d327b3cda165290aaae9ad7eb0d0
Many Windows based SMTP servers have problems handling "mail from: 4k_junk" or just "4k_of_junk". Servers that tested vulnerable include Lotus Domino ESMTP Services running Version 5.0.3, the CMail Server version 2.4.6, and the Argosoft Mail Server version 1.2.1.0. Perl demonstration code included.
6981ec5d382606b4beca0cbf358e062bc54741f52bea2b1d33bd0b5f58454f56
hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.
75f3c0bf13b260cd50665dcaca0b38166d372b5a1943a6e8675717b85338e5ad
Linux Security Magazine May 22 - In this issue: Slackware users, upgrade lynx!, Netscape 4.73 fixes SSL bugs, Many buffer overruns in Kerberos, Several problems in xemacs, gnapster/knapster allows remote users to view local files, Lynx ports contain numerous buffer overflows, SUSE Kernel Vulnerability in the udp and ftp masquerading code, OpenLDAP 1.2.9 and earlier Vulnerability, An Introduction to IP Masquerading, Watching Your Logs by Lance Spitzner, Security Scanners for Linux, New DDoS tools developed, and much more.
b40de288e76e74e1d413613ac66dc1aa8ff276cc6af1c95bc09702d89772afa7
Guide to Anonymity with MS-Windows. This little tutorial explains step by step how to add support for SOCKS chains to all your Windows programs such as telnet, ftp, irc, http, and portscanners (even if they don't support SOCKS).
85308b2f270d88709f59694d106453e931539131e8c90481eecf4eaf7cd32881
sscan was given to buffer0verfl0w security by jsbach so that the project could be continued on jsbach's behalf. From now on sscan will be known as sscan2k. sscan2k now has updated vulnerability checks along with all the other great features it had before, improved OS detection (users can update the fingerprints by editing Osdefs.ms, which is written in the sscan2k scripting language), etc.
a6f61002b67b260dd9f801c9a629380896d815e51bf747ee8b98e09a42b77705
Pirch98 IRC client ident/fserve daemon DoS overflow attack. Ported to Windows by Digital Monkey.
a1a158686a2877d6f2ffce956e41e66fcf83f693988305ba95026f257df4ab67
Exile 2000 International Coding Team. Documentation about native raw socket programming.
ca82664b05cae82e6ef3f5ce15318146d5dd3596467fc2c0dd90043411341f95
kshux.c -- krshd remote root exploit. This program exploits a vulnerability in the 'krshd' daemon included with the MIT Kerberos distribution. All versions are apparently vulnerable. This exploit is for Linux/x86 with Kerberos version 1.0.
21dbac49e32798d882c9cc979e90d774e5d8ce9558b1930028784d9a54094e1b