Remote Denial of Service for CProxy v3.3 - Service Pack 2 for Windows NT.
9ac11023436a234df248b583ff8d03b1479376974e945735da16e7d03204fcf6
/usr/local/games/xsoldier local root exploit. Tested under Mandrake 7.0.
2efbf7e734506a09a852e6b3154a6163a11aff489a05f01d6c99f70a70026d5b
Antisniff Unix Researchers (free) version 1-1-1 - This is a command line only version that runs many of the same tests to determine if a sniffer is running on the local network that the Windows NT/98/95 GUI does. Currently only Solaris and OpenBSD are supported.
dd2bed88c7d033d59f684e267fe00741d2bfc83be7a3225eaee07c753a830bf0
AntiSniff v1.021 - Antisniff is Windows software which will detect if any sniffers are running on the network. Works on Win 95, 98, and NT, but not Win2k.
bb828aaed4b5cb305ee28ab3566af719abcdf3ee090afcefe89f9c54d7527ed8
BSDI 4.0.1 klogin remote root buffer overflow. The bug is actually in the kerberos library so this affects all kerb services (kerbIV). This code should need minimal (if any) modification to use on other kerberos services.
1b0f7877e7927a3a5a48023fc649c6dac7e3795fa63faecbebcd4b1f20ef1e42
Packet Storm new exploits for April, 2000.
c99c256ff819c4f91780a7fd9543561a63cf4ac7107e11f7e6f8b3b06263b4d3
Packet Storm new exploits for March, 2000.
9f748d3bdcbb353ef839d0fa1b4cc33475d72f25779d4224b03144f06df0bd8c
AUX Technologies Security Advisory - Be/OS Remote Denial of Service. The Be/OS Operating System version 5.0 has a vulnerability in TCP fragmentation handling which can lock up the system, requiring a cold reset. The bug can be reproduced using ISIC-0.05.
5ebd3591f9625aeabd9c74fdf640c918466886138b9473eb70cb816cd9b82463
NetProwler 3.0, a network based intrusion detection system, has a remote denial of service vulnerability. The software crashes when two fragmented IP packets are sent to an IP address that it is profiling. Netprowler must be profiling ftp in order for the exploit to work. Please note that Netprowler logs all incoming alerts to a Microsoft .mdb file. Please read RFP2K04.txt for more information.
01dfbeff982172b700a96a3ad3afd0f8babfbb62d8508a80fe57958e3f4d2e87
l0phtl0phe-kid.c - Easy antisniff v1.02 exploit. l0pht messed up the fix for their problem in antisniff by not regarding the signedness properties of the char and int types used, resulting in a cool method of bypassing the extra length + strncat checks. This version has been made easy enough for script kiddies to use - to avoid that "doesn't work" lamer claim.
bd31032131862d82287cf734e1ae6420cdb563449a5eb13f9c348e7266dd300d
Arpmitm.c is another tool for ARP man-in-the-middle attacks; it keeps resending the spoofed ARP packets. Requires Libnet 1.00.
a19ed2757a2e4c0b49f24c7b64aee902e263d54e73f80c0eec793933f61e7856
l0phtl0phe.c - antisniff exploit (1.02 included). l0pht messed up the fix for their problem in antisniff by not regarding the signedness properties of the char and int types used, resulting in a cool method of bypassing the extra length + strncat checks.
936d433c03025bd9a3d606c0f3d43a479b07e715b0201d0e5f316e3adcac8c05
Windows Security Digest - May 17, 2000. In this issue: Backpedaling towards security, SECURITY RISKS: Emurl 2.0 exposes Users' Mailboxes, Office 2000 UA Control Scripting, NTMail 5.x Contains an Open Proxy, IIS Denial of Service and Code Exposure, IIS Denial of Service. SECURITY ROUNDUP: Feature:NTFS Access Control Security Enhancements, HowTo: Encrypting Files for Added Security. NEW AND IMPROVED: Message Attachment Scrubbing and Virus Protection, Increase Network Security in Small and Midsized Businesses. SECURITY TOOLKIT: Book Highlight- Cyberwars: Espionage on the Internet, Tip: Detecting Email Worms in Outlook.
0490e918e02438b399b4b0df5d700c3bd9189fbfb1337b1bcec380fd43dba94c
FreeBSD Security Advisory SA-00:18 - The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
f2d4875ee2a6597cc2a94c6118a4d88b60ed4746d0f0b055496f531d15e77b46
FreeBSD Security Advisory SA-00:08 - lynx revised. Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities. A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user. The Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx. As of lynx-2.8.3pre.5, we consider it safe enough to use again.
2a92410e2c400253c2509ab21b18153feab913a2c915ded15e727eccdab16a13
SuSE 6.3 and 6.4 Glomelib local root exploit. All gnome apps have an exploitable buffer overflow when getting the DISPLAY environment variable.
9fe0131a24c1749a6647ad05e7ca960d784f79dbeb652d98418ed7fb5e7813b7
ADMDNews_v2 - WinNT/Win2K x86 exploit for NetWin (www.netwinsite.com) DNews server (v5.0f - v5.3e3) gupcgi.exe/dnewsweb.exe CGIs. This program exploits the buffer overflow condition in gupcgi.exe/dnewsweb.exe CGIs while processing the "cmd" parameter. Tested and confirmed under WinNT 4.0 SP5/SP6 & Win2K Beta 3 RC2 (build 2128).
a06f88d7f2ddcc83936b33dc931f7f8e3122cf05e01ce50bac5e4b98045a4016
Sniffit 0.3.7beta Linux/x86 Remote Exploit. Tested on RedHat 5.2, 6.0, 6.2.
23c271cadbc52f8891f04dff58f2d091757e47858573b3d9b6ea26e75ffc4906
Microsoft Security Bulletin (MS00-033) - Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities in Internet Explorer 4 and 5. The "Frame Domain Verification" vulnerability allows a malicious web site operator to read files on the computer of a visiting user. The "Unauthorized Cookie Access" vulnerability allows a malicious web site operator to access "cookies" belonging to a visiting user. The "Malformed Component Attribute" vulnerability allows a malicious web site operator to run arbitrary code on the computer of a visiting user. Microsoft FAQ on this issue available here.
05b71ced167d1c779f3c854da8924dacc1bb5a17e4682cda75e9ddf2feab1b82
CERT Advisory CA-2000-06 - Multiple Buffer Overflows in MIT Kerberos Authenticated Services. Several buffer overflow vulnerabilities exist in the Kerberos authentication software version 4, including implementations included for backwards compatibility in Kerberos 5 implementations. The most severe vulnerability allows remote intruders to gain root privileges on systems running services using Kerberos authentication. If vulnerable services are enabled on the Key Distribution Center (KDC) system, the entire Kerberos domain may be compromised. All known Kerberos 4 implementations derived from MIT sources are believed to be vulnerable. krshd has a remote root vulnerability and v4rcp and ksu have local vulnerabilities. MIT Kerberos team advisory here.
34bf1975d8471e284aeeac511729987b56648498c8905a7bb14b4b07f08285f1
dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect, which intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies; findgw, which determines the local gateway of an unknown network via passive sniffing; macof, which floods the local network with random MAC addresses; tcpkill, which kills specified in-progress TCP connections; dsniff, a simple password sniffer which handles many protocols; mailsnarf, which outputs all messages sniffed from SMTP traffic in Berkeley mbox format; and webspy, which sends URLs sniffed from a client to your local Netscape browser for display, updated in real time.
4411ee32799cac95096d37b654d30296e78e4da6da85a4406e3b21247fdcddda
The Netopia R9100 permits a user who is not authorized with the special security password to nevertheless modify the SNMP community strings, including enabling SNMP access that should be disabled.
3168f68634d059aaa9ea3f13c15e52e139e10b5ab83eef2a37fba5ca881c8d62
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
e1a309b1d4ba5f70b379ec1c9f7df7feac42c3e88f93cca4acce45e095801be6
Prevent Current and Future E-Mail Worms.
b1751241071df22894da713215dce7423eeb70171bb6e5eafc67ab315fb54b15
Users can access the mailbox contents of anybody on the system. They can also steal other users' POP passwords, since Emurl allows you to fetch your POP email from more than one source.
35e647237c0a38d4a34398da868edd6414f0a0f6309e46a65ff713c97f3e4d78