Sambar Server 4.4 Beta 3 and below for WinNT and Win95 OSR2 (Linux possibly affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.
682efe87f41f4ff59f349e51db891761fcbe069277019c774fc845c93fc2a01d
Very basic guide to sending fakemail.
72db9f6e0f8c3a4da67938ab2b7a8ed1eac95751b1b2e9798b10b3332da5ac55
UNIX/misc/vtgrab-0.1.2.tar.gz - Vtgrab is a utility for monitoring the screen of another machine. It only works for text consoles.
3c76542dbc1025ef88f44906d8ca9b17c650ad589b2d46159cc16485f1e5f504
Saqueadores Edicion Tecnica Issue #23 (in Spanish) - Features articles on RPC hacking, MIPS R2000, electronics, an interview with Mixter, Domino tips & hacks, ADSL.
d0cc3fdcb8aa9fc96cb1cab73987347d4f0466e3c09409b2cfb7a4d0b61bba71
LinuxSecurity.com Weekly Newsletter for September 11, 2000. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week's issue contains How to perform a secure remote backup, Introduction to Unix permissions, Using Postfix: A basic guide on configuring and installing, Booting without all the extras, Firewalls - Common Configuration Problems, Amateur Fortress Building in Linux, Authentication: Patterns of Trust, Solar Designer's 2.2.17 Kernel Patch, Network ICE Releases Open-source Carnivore, Researchers refuse Carnivore review, and more.
405dc01a9e4a17a465e19d9459e3373c2f2007a278f549111db49660b981ce83
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
ea7e3aa3d266c5e5183b5617ce08b566de66401a52f1c0b35e62dd42c857fee8
Pdump is a sniffer written in perl which dumps, greps, monitors, creates, and modifies traffic on a network. It combines features from tcpdump, ngrep, tcptrace, dsniff (and its webspy and urlsnarf), pfilt, macof, and xpy. It understands tcpdump-like syntax and allows easy modifications via a plug-in system. Readme available here.
f312f47fbf5e181eaef1e1785de4fa33f18d686d8cdfcb40874a22fd732570eb
FreeBSD Security Advisory FreeBSD-SA-00:51 - The mailman port, versions prior to 2.0b5, contained several locally exploitable vulnerabilities which could be used to gain root privileges.
dedb3bb4a1ce3ca995f2fb71a6dfc4cc5f55e619fc981e278494f0f87dd01815
FreeBSD Security Advisory FreeBSD-SA-00:50 - The listmanager port, versions prior to 2.105.1, contained several locally exploitable buffer overflow vulnerabilities which could be used to gain root privileges.
3e32fb931fa234b663d485febacb30965ed690394c9e151c22d8c8c63ec013ce
FreeBSD Security Advisory FreeBSD-SA-00:49 - The eject port is installed setuid root, and contains several exploitable buffers which can be overflowed by local users, yielding root privileges.
031b23226b8c3145fcc2d633e190d78e52aa482d69c5e45788560e7f54bc4834
FreeBSD Security Advisory FreeBSD-SA-00:48 - The xchat IRC client provides the ability to launch URLs displayed in an IRC window in a web browser by right clicking on the URL. However this was handled incorrectly in versions prior to 1.4.3, and prior to 1.5.7 in the 1.5 development series, and allowed a malicious IRC user to embed command strings in a URL which could cause an arbitrary command to be executed as the local user if the URL were to be "launched" in a browser as described above.
aed685a66de97edce6729dc5e82feed39ad7397a61a60b4b457ceaf446493e6d
FreeBSD Security Advisory FreeBSD-SA-00:47 - The pine4 port, versions 4.21 and before, contained a bug which would cause the program to crash when processing a folder which contains an email message with a malformed X-Keywords header. The message itself could be deleted within pine if identified, but other operations such as closing the folder with the message still present would cause the program to crash with no apparent cause.
fef7796ba9f4008ae05e32e357e31610d2560144adcb1cfbe8ecff674325874c
Klogd Local Exploit. Envcheck is a Linux kernel module which detects and prevents exploitation of the recent glibc vulnerabilities by intercepting the execve system call and sanitising the environment passed. At the cost of a very small performance penalty, it has advantages over a glibc upgrade, including logging of exploit attempts, it works with statically linked binaries, it is transparent to applications that may be sensitive to a change of glibc, and it partially protects libc5.
3c854c738a6a76ef40141f865055426a01aff9e74874c43676c3a699869312f9
Vigilante Advisory #11 - Lotus Domino ESMTP Service - Lotus Domino Release 5.0.2a contains a buffer overflow in the processing of SMTP commands, causing the service to crash. Tested on OS/2 Warp 4.5, it is assumed that other platforms are vulnerable as well.
899917d16df031887b0b09207f33847668e2d85bd87d183da90737c8950ead90
Vigilante Advisory #10 - Intel Express Switch series 500 crashes when a malformed ICMP packet is sent to the Intel Express Switch or a host behind it. The switch loses all routing functionality but continues to function as a switch, except for the fact that learning also crashes, so new connections are not "picked up". Fix available here.
7256e8c0df1d7ce12f4af0950cdfe91032004217c0851024af0a141e17c70d5a
Microsoft Security Bulletin (MS00-063) - Microsoft has released a patch for a security vulnerability in Microsoft Internet Information Server (IIS). The vulnerability could enable a malicious user to prevent an affected web server from providing useful service by sending a particular type of invalid URL. Microsoft FAQ on this issue available here.
12d25552be38868a8fa36ffe9023fb0e2764f085ac7e10c191b403366e1535b4
Vigilante Advisory #9 - Internet Information Server (IIS) 4.0 for Windows NT 4.0 is vulnerable to a denial of service attack as described in MS00-063 in which a certain series of requests can cause INETINFO.EXE to gradually consume all system resources (99-100% CPU and all memory). When the pagefile can't expand any further, INETINFO.EXE is killed by the operating system.
f88b454e98f58dc0cab36e2079df258a10823f10487e75deb9870d645da092ca
Red Hat Security Advisory - The mgetty-sendfax package contains a vulnerability which allows any user with access to the /var/tmp directory to destroy any file on any mounted filesystem. A malicious user can create a symbolic link named /var/spool/fax/outgoing/.lastrun which points to any file on a mounted filesystem, and that file's contents will be destroyed the next time faxrunq is run.
6729a1a0b2737e85ae4f5ba7398a377fec561d503a17dd3698e11dd59d09872e
Atstake Security Advisory - Netegrity's SiteMinder is a web access control product for Solaris and Windows NT that implements various authentication mechanisms to protect content on websites. Due to an error in SiteMinder's URL parsing, it is possible for an attacker to bypass the authentication phase and view protected web pages directly.
e0d3f793315991d1bfe7a1596da57ae4a879f58a9bf6b103ecee5c49798552b3
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here.
f3757ed7c83366e37236fcd1468ac10d93f1b85113d1d44c9616dc8a918135d9
SuSE Security Advisory - pam_smb is a package that allows Linux/Unix user authentication using a Windows NT server. Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host. In addition, Zope needs updating again and the Xchat IRC client can be tricked into executing arbitrary commands if the user clicks on a URL. SuSE security site here.
5a5cc35d33db367672c5f0cd1d3602494bd48a405273b950e7dabe93aac239c6
ICMP Usage in Scanning v2.01 - This paper outlines what can be done with the ICMP protocol regarding scanning. The paper deals with plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
1ff9c1a751e358458994c2d61f241f21e90f086d7913e3155237dfdc53b0edab
This is a list of the ports which trojans run on. Updated Aug 2000, lists 350 trojans and their default ports. Newest version of this list available here. Archive password is set to p4ssw0rd. Use at your own risk.
3e1809812271d23eb04ede26e54c8aa3db1ba2160ff2c809ca459101541ee74a
Beginners guide to unix hacking. Includes host enumeration, buffer overflows, firewalls, common mistakes, log cleaning, and more.
ea3139e78e2968521486618e39ab47156557263a1b247cf7ca40e4dfc47ca6c6
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
dbf618652685f94befe85ab1fcbe56c7cc178f174f75e966f269a3b022932bf9