Red Hat Security Advisory - Various format string vulnerabilities have been found in syslogd and klogd. When exploiting these vulnerabilities, it could be possible for local users to gain root access.
a17cc7d59867c8802e43bf80a0d76c739e447191dbf864f926f349cc4519cd8fTorn Kit is a linux rootkit which has been optimized for linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
5c48ccb7e9f41685772e735a35e40fd8a61535f255a9d4f6968b8a1e150e3bf9Oblivion Magazine Issue #7 - Contains articles on Voice over IP, An Introduction to IPSec, Virtual Router Redundancy Protocol (VRRP), ADSL, Firewall-1 + Firewalls Rant, and security news.
239423a563095461e8e129994dc051c5bbc250df2ec79cac461d7dc74dbdc4b9This regedit registry patch will tighten down security on a Microsoft NT v4.0 (sp3 and sp6 or 6a) machine. Changes about 55 registry entries.
17ecace1825394820a936146cb0eebe1dd734581c3df84d03e1c809bf5376982SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
32a410d596287b65aa4e082b5c138bab0d3ed71501701c72be8059c2cd126d61Pdump is a sniffer written in perl which dumps, greps, monitors, creates, and modifies traffic on a network. It combines features from tcpdump, tcpkill, ngrep, tcptrace, dsniff (and its webspy and urlsnarf), pfilt, macof, and xpy. It is able to do passive operating system detection/fingerprinting and can also watch packet streams and then create it's own spoofed packets to hijack or kill TCP connections. It understands tcpdump-like and perl-like syntax and allows easy modifications via a plug-in system. The packet display is easily configurable. Readme available here.
f7f15865466b04de11b1198577c231f9dcf94f81aebc0940a4af43dc6221164bBitchX is the premiere IRC (Internet Relay Chat) client. It is a modified clone of the popular ircII client, and is available for almost all UNIX OS's as well as Win95/NT and OS/2.
ce1eec9dec4d0c0a708130ea5485eb58106a9299d138723126ebc272776d71d7HardenNT (Beta 0917) is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 9x or even Windows 2000 networks. HardenNT is not a tool that is to be installed or even run on a computer that one wants to secure. It merely creates a number of batch files that run standard NT (and NT resource kit) tools. This means that the batch files created by HardenNT are to be copied and run on the host you want to secure. Updates frequently, newest version available here.
e09153373619655c9b68e3a686e86477e1edddfdcf54c5a3091b59e0612c11aaStealth IP Stack is a kernel patch for Linux 2.2.17 which makes your machine almost invisable on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on ande off on the fly.
cb7f36d76783cdabab99611890b6f8df14437d9b0ace7474dadd6a02480461e8Ploits.c v1.95 integrates stuff.c, ath0.c, and banner.c into one attack tool.
755a2a39dd379973cf20b9d77886a0e3abe6c9404233bc780362699329fca097Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
e130ff3e71ade3b4b5048c7b6bb5d9972db5f1446368d158d27bdb1d8ec1cf87vnx4.c is a VNC attack program ported to Windows. Features cracking of the password in the registry, online brute force against VNC server or cracking a sniffed challange/response handshake.
a507db549f33869781e20c6631dc821d6eba0651c0cbad494ae78e1b0e831359Snort Panel is a front-end control panel for the win32 port of snort. It allows you to set command-line options via dialog box settings and it monitors the alerts file for new alerts.
e50f793cd53f455b32a5190829ea97353bf9ea47977f36f0c8d4fe5d3b6a32adWDumpEvt is a tool that makes it easy to manage all the information from Windows NT / 2000 logs. The eventlog tree can be browsed, sorted, erased, filtered, or catagorized. The data can also be dumped into an ASCII-delimited format for importation or HTML for display.
eaf06992361807781762a06be9d593d389e8835393ca184296fbb75b1282e195Crypto-gram for August 15, 2000. In this issue: Full Disclosure and the Window of Exposure, News, Carnivore Disinformation, FBI Requires Constitutional Changes, The Doghouse: FaceMail, PGP Vulnerability, and Comments from Readers.
0e4cbb003e4a2c2f2d719a1a3c31cb1025f8835a3832f59fa40e8e4a5db45de0ISS Security Alert Summary for September 15, 2000. 87 new vulnerablities were reported this month. This document has links to more information and full advisories on each. Includes: ftp-goodtech-rnto-dos, imail-file-attachment, go-gnome-preinstaller-symlink, mailers-cgimail-spoof, win-netbios-corrupt-cache, news-publisher-add-author, xpdf-embedded-url, intel-express-switch-dos, viking-server-bo, win2k-corrupt-lsp, vqserver-get-dos, mgetty-faxrunq-symlink, money-plaintext-password, wormhttp-dir-traverse, wormhttp-filename-dos, cgi-auction-weaver-read-files, iis-cross-site-scripting, telnetserver-rpc-bo, nai-pgp-unsigned-adk, website-pro-upload-files, account-manager-overwrite-password, subscribe-me-overwrite-password, hp-netinit-symlink, realsecure-frag-syn-dos, sunjava-webadmin-bbs, zkey-java-compromise-accounts, java-vm-applet, darxite-login-bo, gopherd-halidate-bo, phpnuke-pwd-admin-access, becky-imail-header-dos, gnome-installer-overwrite-configuration, gnome-lokkit-open-ports, minicom-capture-groupown, webshield-smtp-dos, netwin-netauth-dir-traverse, xlock-format-d-option, frontpage-ext-device-name-dos, xchat-url-execute-commands, irix-worldview-wnn-bo, os2-ftpserver-login-dos, weblogic-plugin-bo, ie-folder-remote-exe, firebox-url-dos, trustix-secure-apache-misconfig, irix-telnetd-syslog-format, rapidstream-remote-execution, ntop-bo, iis-specialized-header, linux-update-race-condition, etrust-access-control-default, zope-additional-role, list-manager-elevate-privileges, iis-incorrect-permissions, varicad-world-write-permissions, gopherd-gdeskey-bo, gopherd-gdeskey-bo, mediahouse-stats-livestats-bo, linux-umb-scheme, mdaemon-session-id-hijack, tumbleweed-mms-blank-password, ie-scriptlet-rendering-file-access, office-html-object-tag, hp-openview-nnm-password, hp-newgrp, totalbill-remote-execution, solaris-answerbook2-admin-interface, perl-shell-escape, solaris-answerbook2-remote-execution, mopd-bo, java-brownorifice, diskcheck-tmp-race-condition, servu-null-character-dos, pccs-mysql-admin-tool, irix-xfs-truncate, win-ipx-ping-packet, nai-nettools-strong-bo, fw1-unauth-rsh-connection, win2k-named-pipes, sol-libprint-bo, ntop-remote-file-access, irix-grosview-bo, irix-libgl-bo, irix-dmplay-bo, irix-inpview-symlink, nettools-pki-dir-traverse, fw1-localhost-auth.
dbd64db221e040e05a4a342ac92b13566073a9300c9dab57446e955bb03abca1Ratware Win9x Screen Saver Buster V1.0 is a tool for busting into a Win9x PC that has a screen saver/password active. It needs to be cut to a CD, inserted into the said PC, and works by exploiting the autoplay 'feature' to disable the screen saver password.
de5070973877b690376cd0a7f8d2f68967e44b5937dbd2e0a931da3f9790940eDicgen is dictionary file creator (DOS). Easy to use interface and options, extremely fast, introduce any variables and generate any combination type.
d69065531ce0222954fb71dfbd43b14019f092e9c3a9a6628a3560fe53adbad3The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
4d888f7c5d870834786ac56bbf31e9cf1ca887eb473edd991af711feaca1454aThe Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. Proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto authenticate and prehash-ntlm.c which can be used to launch a dictionary attack against a retrieved hash.
82b52ace068cc6c157c2910a941a5a36a69ebeed844d0b304468d6b56322c0aeMultiHTML (/cgi-bin/multihtml.pl)is a CGI script which has a vulnerability allowing remote users to read any file on the webserver.
228cf3036d6dc675782ffe1ed3fbd4cb7b47b8d64048d18536d2852fc1ee1bf8Red Hat Security Advisory - A format string vulnerability in screen allows local users to become root.
fbe251f1e57a3cb4b5b8f284908e9ea7fa5d667c99923f7076fcb88238394338@Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. A malicious user can crack the authentication to reveal passwords.
d63b34ce08b67e84a7afc686404bb3ed7594cb084d9f40027342b4ccc5f90b9bFreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability, however it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.
0b1c8c3842f449349927b566da8941978ab4a1c327fb2fcd41431a8cdad32fdfCoding with the DNS protocol v2 - Includes DNS basics, How to decode DNS packets by hand, Parsing DNS replies, advanced DNS techniques, and DNS Security Mechanisms. Well written, contains lots of in depth information and example code.
4dd89f0ca3b69db69a2564df1a08db8f2c87d8bfc8d824966fcf1f0bf5dd7a76
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed