FreeBSD Security Advisory FreeBSD-SA-00:69 - A denial of service attack in telnetd has been found. When the TERMCAP environment variable is changed, telnetd can be tricked into searching for termcap entries in any file on the system, taking up CPU resources. A valid account is not required.
c10b2eda2360930b488077073a58a118e5d945a59df23d21ef8f67775aa6fb3c
FreeBSD Security Advisory FreeBSD-SA-00:75 - The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.
6208a915ee52a59e988f0b678651fb6acdef1d0677c5b028ebdf9315a9ff99fe
FreeBSD Security Advisory FreeBSD-SA-00:73 - The thttpd port, versions prior to 2.20, allows remote viewing of arbitrary files on the local server. The 'ssi' cgi script does not correctly restrict URL-encoded requests containing ".." in the path. In addition, the cgi script does not have the same restrictions as the web server for preventing requests outside of the web root. These two flaws allow remote users to access any file on the system accessible to the web server user (user 'nobody' in the default configuration).
1210c9a3793c9fb08ef4e606ba72b7bca4134f0c2984df6629ecd32948baebf5
FreeBSD Security Advisory FreeBSD-SA-00:73 - The curl port, versions prior to 7.4.1, allows a client-side exploit through a buffer overflow in the error handling code. A malicious ftp server operator can cause arbitrary code to be executed by the user running the curl client.
46fd9282ad36acaec6a207f12d372b71771bbb5250c4d02f53c4ebeeef664a3f
FreeBSD Security Advisory FreeBSD-SA-00:71 - The mgetty port, versions prior to 1.1.22.8.17, contains a vulnerability that may allow local users to create or overwrite any file on the system. This is due to the faxrunqd daemon (which usually runs as root) following symbolic links when creating a .last_run file in the world-writable /var/spool/fax/outgoing/ directory. This presents a denial of service attack since the attacker can cause critical system files to be overwritten, but it is not believed the attacker has the ability to control the contents of the overwritten file. Therefore the possibility of using this attack to elevate privileges is believed to be minimal.
7148bbf5711dfeabe1b1da003e0c40816ea594618c43fc3f0851614fb702aacb
Debian Security Advisory - During internal source code auditing by FreeBSD, several buffer overflows were found which allow an attacker to make tcpdump crash by sending carefully crafted packets to a network that is being monitored with tcpdump. This has been fixed in version 3.4a6-4.2.
981b5990cc1763ea7fa96ba1ea6c7d1929d17c49f3c800a820e0927f9e249b7f
The here.
6fb960b4f5c3485bdbcec10301697c2f0a2a956ffe68740fa84a0411ce0bf4ee
Microsoft Security Bulletin (MS00-089) - Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability allows malicious users to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy. Microsoft FAQ on this issue available here.
c5ca4feca03c0462400fc89e184c518c60f6b5f209cc4765b26b05f65e794358
Windows NT 4.0 SP6a with SynAttackProtect set is vulnerable to a remote denial of service attack.
714cad616a29fdfca52b206e8783d4c79dbf59b9a095f42bcd9514ec4ce0f734
Debian Security Advisory - The version of the ncurses display library shipped with Debian GNU/Linux 2.2 is vulnerable to several buffer overflows in the parsing of terminfo database files. The problems are only exploitable in the presence of setuid binaries linked to ncurses which use these particular functions, including xmcd versions before 2.5pl1-7.1.
336c3ce869efdf290246fbfd466b0f12bad351d1f302f870767531e91b7f3fc3
Super Solaris sadmin Exploit - works with solaris 2.6/7.0 SPARC and x86, does the sp guessing (much like sadmin-brute.c).
1bc5ba57da0d2994c387df4be7a70b3d1a5261e3f76ef1792396e253ad6d576c
Debian Security Advisory - The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing cddb databases and SCSI cdrom drives. More recently, the package offered the administrator the chance to remove these setuid flags, but did so incorrectly. A buffer overflow in ncurses, linked to the "cda" binary, allowed a root exploit. Fixed ncurses packages have been released, as well as fixed xmcd packages which do not install this binary with a setuid flag. The problem is fixed in xmcd 2.5pl1-7.1, and we recommend all users with xmcd installed upgrade to this release. You may need to add users of xmcd to the "audio" and "cdrom" groups in order for them to continue using xmcd.
8662a5a35e41d91673db0df0b3ae1f799f037290b1843aee1f582e633092e22e
Debian Security Advisory - A tempfile bug was discovered in elvis-tiny prior to v1.4-10 which does not exist in the full size elvis.
1f66bab352ccedb7d565e14b1ee161090ddf906a118e146282a369fa306c7ad2
Debian Security Advisory - A problem has been discovered in the modprobe utility that can be exploited by local users to run arbitrary commands as root if the machine is running a kernel with kmod enabled.
d440505b7831d45ecd78c04b42425473fb9fe116ba3afa8db1cd5a0a127e52a8
Red Hat Security Advisory - An exploitable buffer overflow was found in ncurses, in the part of the library that handles cursor movement, which allows users to supply their own termcap files, allowing local root access.
d15bdb6eccbac5dd497e03b31d5063f15bcef95f00b8622cb440c683a5502ca0
Authforce is a brute force www password strength testing tool.
50e1caab847e4dc53f5668312d5e86d78c12adaae789206d838c5b78b0df001e
The Linux Basic Security Module (Linux BSM) is a kernel patch and userspace tools to implement C2 level security. It is patterned after Sun's Solaris Basic Security Module.
635128ae27b0a075a05e906a412a7e93c537b31951b729c690d64ebebdc320a0
iplog is a TCP/IP traffic logger capable of logging TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris.
549ae1593eeeab60d0f78fc5eaf65e67c9eab7a202cf26a05963bdda2fba4119
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields, and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
c60a038817e34db94e12fa65992bbd2e632a477cda4e1e094a1e13d889d2e176
SAINT (Security Administrator's Integrated Network Tool) is an updated version of SATAN, designed to assess the remote security of computer networks. Features include scanning through a firewall, frequently updated security checks, 4 levels of vulnerability severity, and a feature-rich HTML interface.
4f3fdcbbb34ea768b36e87a8c2416982c9b4f0c59de329237ab0a4e7020211f6
SuSE Security Announcement - Tcpdump contains remotely exploitable buffer overflows. Fully patched upgrade not yet available.
09a3f03d097b83f926bedcf398dc7653453db5432aad0fb2e48a6c0a230c13c6
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
79177ed2a494071d4436cb0f7cd2559e884ba2bd0e801e4c70d05fa3385c0e42
Koules v1.4 (svgalib version) local root exploit.
c1aa67a699bdb06becfd648b8e011150782023036520a46cdbdfa729d406a53d
Network Security Solutions Security Advisory - A denial of service vulnerability has been discovered in AnalogX proxy v4.10. POP, FTP, and SMTP are vulnerable to a buffer overflow, crashing all the proxy services.
5aef40f870f3d865e1fac6523c6b03f76193a5c55734a094120a524fc881f6ab
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: Hybris worm, and more.
76f4680db0b432d5f839932d8353e4d269bbafec9eba5b6328d8693fc1234efb