ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, 
macos-filemaker-anonymous-email, and macos-filemaker-email. ISS X-Force homepage here.
4db0d03fb6271c35418d4d58ecec415169ad7a59e0467e9f65044a7c79068f6e
resecure was created out of the need for a program to re-chmod and chflag literally hundreds of files after system upgrades. This program was created on OpenBSD and NetBSD, your mileage may (and will) vary on other operating systems.
cf268a40cda3c253f74847e77badba0f59b3062ca9c016564d1266b4e2b47c2f
Security Point Advisory #001 - Java Internet Shop allows users to change the prices on items. The Danish Shopexpress, and the English Zilron StoreCreator version 3.0 and below are vulnerable, an estimated 2500 online shops are running this software.
259866f2adad0030783104f4b506b750a78f941517845084f067935aba3a0cf3
NetBSD Security Advisory 2000-006 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.
cac750a58cf9b85d2630794215188083198ea320a7a11c55b56b766d530a2dea
NetBSD Security Advisory 2000-005 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.
f386ac97b48ce8e1bd94b4c276d31ed35256067003b8a2673f30c9f9fe95f974
NetBSD Security Advisory 2000-004 - An undocumented system call permits any user process to lock up the entire semaphore subsystem, preventing processes using semaphores from locking or unlocking them, and preventing processes holding semaphores from exiting.
c73d42a54f6b2912c562ac008d2fceb0d23730edbc94c5372e844549d8e71073
Red Hat Security Advisory RHSA-2000:005-05 - New majordomo packages are available to fix local security problems in majordomo. A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges.
335a18f69e394b56f77517ae17b776dfea41714d7b2f7061ba20ed1b34fc910f
IRC plugin for BO2K v1.0. It is an IRC client, channel-bot style. It is fully customizable and, once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel it gets kicked from, reconnect on disconnect, generate random nicks on raw 432 or 433, and can delete, list, copy, and spawn files on the remote machine through IRC. Archive password is set to p4ssw0rd. Use at your own risk.
18cd597a1c6e11fcc902e1acf7ffa0538203c48f8ea6ba475b97f1cc3139c423
Elm 2.4 PL25 local GID mail exploit. Tested under Slackware 3.6, 4.0, Redhat 5.0, and 5.1.
558a726bce68d1bb599a32adc7f23c60678255c07a67495d810c8a54c8097694
Mailx local exploit - Tested on Slackware 3.6, 4.0, and 7.0 and Debian 2.0r2, 2.1, 2.2. Gives GID mail shell.
a39f3080841f007cde7492636ec28cae360eb3bb27286828a964f551aab0e2c5
TSS v1.0beta1 is a shell script to check the local security of a Red Hat 6.0 / 6.1 / 6.2 machine. It checks for crontab, userhelper, shadow passwords, and the piranha account.
9fa3b6ef947a7571137474a5b4bf84a40a8686f6ff8439281116a26b4c4cad24
This document provides specifications for the Australian Calling Line Identification Presentation for Analogue (CLIPA) service. The service may also be known as Calling Number Display or Caller ID. Thanks to Biftek
42494334b00e46047d8803c98d10d0c7bc403c4d1dcd2298b5688d9197519881
MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.
de6ae98a613246fac73e111c7f8a950caf984cf19ee3796d0a0406e994e6fd8a
A remote buffer overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. Possible remote root compromise - denial of service exploit included.
55b117d15f47c9c6692c959b4980c558e51d2b5eb35a168825c610287185c171
Windows Security Update - May 31, 2000. In this issue: Think You're Safe from Sniffing?, Windows Computer Browser Denial of Service, Master Browser Denial of Service, WebShield SMTP Buffer Overflow Condition, Buffer Overflows in PDGSoft Shopping Cart, Mailsite Buffer Overflow, News: Beware of Killer Resumes, News: Microsoft Delays Outlook Security Update, Tip: Microsoft's Online Security Papers, and Windows 2000 Security: Creating a Custom Password-Reset MMC.
484221b76e8570ae37972f242cef601dbca92c164131328b25d3201000aaae4d
Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) allowing you to build secure tunnels through untrusted networks. The 1.00 version can work with other IPSEC and IKE systems already deployed by other vendors such as OpenBSD.
7ce8735430b823650c4c4f20631372405c2421e0ed3a37d258f050957ec2a17b
/usr/bin/Mail local linux exploit which gives gid=12 shell. Tested against Slackware 3.6 and 7.0.
fed3606029a826006dd84ce7fd68f8f7eb73b112fa86dd79c0364186eaf429cf
hammer2k.c v0.8 is a simple denial of service tool which makes multiple open connections to a destination host/port.
3db6d684de52e8e44e6cfa3a11986fd7ca4fe6eda5993221e841496a363a7549
motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email and SMS messages when detecting motion.
441eef8eb61edb77f26df740256f7b34baa2eb5960ecbfe547741c607c31efd4
KDbg is a graphical user interface to gdb, the GNU debugger. It provides an intuitive interface for setting breakpoints, inspecting variables, and stepping through code.
f27294a1a3939c2f7b928d6c143799e533f840cc88ee7a4f439ed3073340ba0b
Magdalena.pl is a small utility written in perl that will scan a list of hostnames for a certain CGI. It lets the user define a string to match in the response body rather than relying on HTTP status codes alone, which avoids false positives from servers that answer 200 OK with a custom "not found" page.
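The check described above, as an added example that is not Magdalena.pl's own code: the three raw HTTP responses are constructed here (a real test-cgi reply, a "soft 404" that returns 200 with a not-found page, and an honest 404), and the match pattern is an assumption chosen to fit the constructed data. Comparing the status-only decision with the string-match decision shows why the second one is needed.

```python
"""Added example, not part of Magdalena.pl: decide whether a CGI exists
by matching a string in the body instead of trusting the status code."""

import re

# Constructed raw HTTP responses, of the kind a scanner sees after sending
# "GET /cgi-bin/test-cgi HTTP/1.0" to each host in its list.
RESPONSES = {
    # Host actually has the CGI and runs it.
    "real": (b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n"
             b"CGI/1.0 test script report:\r\nargc is 0. argv is .\r\n"
             b"SERVER_SOFTWARE = Apache/1.3.12\r\n"),
    # "Soft 404": status 200, but the body is a custom not-found page.
    "soft404": (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
                b"<html><body>Sorry, that page was not found.</body></html>\r\n"),
    # Honest 404.
    "hard404": (b"HTTP/1.0 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
                b"<html><body>Not Found</body></html>\r\n"),
}

# Assumed match string; a real run would take this from the user.
PATTERN = rb"CGI/1\.0 test script"


def parse_response(raw):
    """Split a raw HTTP/1.0 response into (status code, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0
    return status, body


def found_by_status(raw):
    """Naive check: treat any 200 as 'CGI present'."""
    status, _ = parse_response(raw)
    return status == 200


def found_by_match(raw, pattern=PATTERN):
    """Magdalena-style check: require 200 AND the user-defined string."""
    status, body = parse_response(raw)
    return status == 200 and re.search(pattern, body, re.IGNORECASE) is not None


def scan(responses, pattern=PATTERN):
    """Return {host: (status_only_verdict, string_match_verdict)}."""
    return {name: (found_by_status(raw), found_by_match(raw, pattern))
            for name, raw in responses.items()}


if __name__ == "__main__":
    for host, (by_status, by_match) in scan(RESPONSES).items():
        print(f"{host:8s} status-only={by_status!s:5s} string-match={by_match}")
```

The soft-404 host is reported as a hit by the status-only check and correctly rejected by the string match; the honest 404 is rejected by both.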
ccc299ad0540b9e3f12b44614383906c104dcf932edf981963b113749e28fa08
WordMake is a dictionary file creator. It takes a text file and makes dictionary files from them.
e741416659649408bd045bbcd4e66fd8dee9dcc602fa6b1a6867ce6bb2b61e89
The mailing list software majordomo has several local vulnerabilities. Local commands can be run with the UID and GID equal to the one used for majordomo. Exploit details and patch included.
e5ee7bb2c827ab5e443ead682e7790a52f4edeadd0ca30218cadd5031c86e15b
The PHP firewall generator is a simple PHP script that generates a firewall script for ipchains-based firewalls. The aim is to support an easily configurable rule set similar to those supported by commercial firewall systems.
75870a3ad66d565d8ec1e15c416368805578c8f019f751eb48ebfaa0683fbbe0
B0g Issue 5 - In this issue: Interview with rfp, how to beat credit card verifications and all about credit card algorithms, The truth about ICQ, Programming your Nokia cellphone, Coding GTK+ and GNOME, and much more.
0ac488742cceb9a224cc8f6cf5ade5557185405aaa74c9379cf2688d37ea82b8