Debian Security Advisory - CUPS allows remote users to abuse print services.
4977a46d21f2a0e14563bee4ed0429b67dc83a2bc56fa7dc5b82bd15789138ff
A fully functional TCP port scanner for the PocketPC. Screenshot available here.
0ea25351b6ce5dfe7a013a9400eafdcdb7374203fd7c10271a66dbe442c27b29
floppyfw is a router and simple packet filtering firewall on one single floppy. It uses Linux ipchains firewall capabilities and includes a simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines using both static IP and DHCP. It is simple to install; you only need to edit one file on the floppy.
da32687d5453c84b323aa879cfb47a4cc986ce84cda01c919cdc11acf11fbde1
Lots of good information on Oracle Database security. From the Packet Storm forums.
9c21cda33e2fe82137f1e4b5cf476e37e568b8ae5be7497d8dae89cdc093a286
Shell In A Box provides shell access to a server from within any Java-enabled Web browser. Requests are tunneled over HTTP using the same proxy settings that the browser uses. On the server, it installs as a CGI program, and there is no client-side installation necessary. It sports full VT102 emulation with Unicode support, international font files, ANSI colors, a scrollback buffer, mouse position reporting, clipboard support, and user-configurable emulation modes. All user preferences are stored as cookies in the client's browser.
bab597954c3f02125d4b13bcb88954599602b33329b4ce52df6299fcffb5f9ea
sping sends ICMP ECHO requests to network hosts to determine whether they are 'alive'. It is a small and hopefully secure implementation of the common ping utility that offers far less control over the packet options that may be specified (packet size, delay between packets, etc.) - this is a feature, for both security and bandwidth reasons. sping has been tested on Linux 2.4.0-test8 but should work on other operating systems.
5d18db6fc500692b383fc05fbd67e5b833897c35d8f847c4b2f4fe0487aa229b
Tetrinet v1.13 has a denial of service vulnerability which is caused by telnetting to the tetrinet port and pressing enter once, freezing the game.
ed11e968ca11f1ec388ea80f84379db00319fe1bf75648088cf4b43c2f6bc74f
IIS and NTS 4.0 Hardening Guide v1.1 - Detailed instructions on tightening down the security on an IIS 4.0 web server. Includes install and setup details, server configuration, hardening, registry edits, securing permissions, firewall ACLs, and SSHD. This hardening procedure should NOT be used on general-purpose NT servers on an internal LAN as it removes several of the services that NT uses for default functionality.
6a460f07556c6f4e9eb5683f3c5badc17be689e406aa0c961ddd5f0fc7a47cc9
secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
08c177f1c5eba6e4857fb8a5a55d96687448658c9bafbac14c6c38b672e4428d
Ethereal v0.8.13 advisory and remote exploit for Linux x86. A stack overflow in the AFS packet parsing routine allows a spoofed packet to start a root shell bound to TCP port 36864.
5849011e1fbedaeca9f6469317a94d0d5df77b160e51dc2cfaf731ba6fdbc8e5
Debian Security Advisory - The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race conditions in their deletion, allowed attacks from a denial of service (preventing the editing of crontabs) to an escalation of privilege (when another user edited their crontab). As a temporary fix, "chmod go-rx /var/spool/cron/crontabs" prevents the only available exploit; however, it does not address the problem - an upgrade is needed.
45066b5be833b8794dd17760df1ec1d6a414c23ede771168906f53a3c837a917
TWWWscan is a Windows-based WWW vulnerability scanner which looks for 300 www/cgi vulnerabilities. Displays HTTP header, server info, and tries for accurate results. Now features anti-IDS URL encoding and passive mode scan. Tested on Win95 OSR2, Win98, Win98SE, Win NT4, and Win 2k/Me.
85c1488d269fdad50572536aac20c1d395ceaafdbeafcfc1028143b4b42da470
Joe's Own Editor File Link Vulnerability - If a joe session with an unsaved file terminates abnormally, joe creates a rescue copy of the file being edited called DEADJOE. The creation of this rescue copy is made without checking if the file is a link.
81d90d5f00752f52b9f0c8ad8e4f3c8f10e765b68b658e3a52086b00f61ecc5a
Red Hat Security Advisory - modutils, a package that helps the kernel automatically load kernel modules when they are needed, can be abused to execute code as root. Modutils versions between 2.3.0 and 2.3.20 are affected.
d79f35e014cc137a2c1518dabb49bb3452dd651410f58f0abcc7a452fbc9522e
Core-SDI Advisory CORE-20001116 - A memory contents disclosure vulnerability was found on RealNetworks RealServer which will give out information about the server configuration, runtime memory data and tokens and authentication credentials. This information allows an external attacker to possibly obtain administrative access to the server or to data belonging to other user sessions. Fix available here.
c2d5b9a6f8bb847c26085737a31823a5af9c5e39178425d25ff41f683ab6f4fe
Vixie crontab local root exploit - an insecure fopen() call in Paul Vixie's crontab code is exploitable on systems where /var/spool/cron is user readable, such as Red Hat 6.1.
ab44f3d242c7a1c5af9df46eb9bdc3905efc1ef485b1406235d10775c03e5ede
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
8ccab09968ee0a51b065e5cb1f03da7de08d775b865641788eeee6286c8357b7
ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.
f080f220f8b9d818b398ddcdd55ec7394ef796c8aa7f72b1f99b1b887cc11e0d
Microsoft Security Bulletin (MS00-088) - Microsoft has released a patch that eliminates a vulnerability in the Microsoft Exchange 2000 and Exchange 2000 Enterprise Servers that could potentially allow an unauthorized user remote access to the server. Microsoft FAQ on this issue available here.
8af01f46de113232f8ecc40c655029f971ded5ab4d37912f65aa209390c0ad1e
Microsoft Security Bulletin (MS00-087) - Microsoft has released a patch that eliminates the "Terminal Server Login Buffer Overflow" security vulnerability in Windows NT 4.0 Terminal Server. An unchecked buffer at the login prompt on TCP port 3389 allows malicious users to execute hostile code on the server. Microsoft FAQ on this issue available here.
c499d8dfb5f3e4b8b6955fbe0c424c103c447fc98129afd5a443c1626b2a665e
Socks5 v1.0r10 remote buffer overflow exploit. Tested against Turbolinux 4.0.5 and Redhat 6.0.
1a9303c0f97246dd3156fb56a5fa42a61bf599c1860acd6a5af0eb6f7dfe2135
Defcom Labs Advisory def-2000-02 - The Cisco Catalyst 2900XL and 3500XL series switches web configuration interface lets any user execute any command on the system without supplying any authentication credentials if no enable password is set.
fb3eb565b332a1d4716df6739f52f1c56170f54af3e8c1051420af084f828026
AOL Instant Messenger contains a caching vulnerability where once you have logged onto AIM with a screenname, you can permanently login with that screenname.
082713c2e36c75c665e6bb56ba99874d4c5196b712c54fcc9aafe49eff7eae7f
BSDI Elm 2.4 local buffer overflow exploit. Tested on BSDI/3.0, gives a group mail shell.
6a330ce2fc59bf584d239c77e5b345d9e7bb1abdf51acce4a1c2b43634c09ae2
Crypto-gram for November 15, 2000. In this issue: Why Digital Signatures Are Not Signatures, SDMI Hacking Challenge, Microsoft Hack (the Company, not a Product), and more.
dc772bbdbf2bb21adfae614b25f3926130299781ac432ce3c9207ebb4138a35b