Phf remote buffer overflow exploit for Linux x86. This is unrelated to the well known bad filter problem.
dda637097e40cd9c4bab46146c697ddeda5528f58361e4794448e0c9456e6f07The ip-masq-log patch can be used on a masquerading firewall (NAT) to keep a log of all the outgoing masqueraded TCP connections. It's even possible to log the name of the user who has opened the connection. This can be a useful security tool for many small networks that are hidden by a masquerading box if users cannot be totally trusted.
741989f2edf1072b9ed32f11850fff07fe8300d84ec840403a40e921f48f2f4fBestCrypt (Windows Version) creates and supports encrypted virtual disks and these disks are visible as regular disks with correspondent drives. The data stored on a BestCrypt disk is stored in the container file. A container is a file, so it is possible to backup a container, move or copy it to other disk (CD-ROM or network, for instance) and continue to access your encrypted data using BestCrypt.
18d5003961b0ca6fc8851cd3062c6d7b94d9b40f9864ec6afaab65bc013e0a65BestCrypt (Linux Version) creates and supports encrypted virtual disks and these disks are visible as regular disks with correspondent drives. The data stored on a BestCrypt disk is stored in the container file. A container is a file, so it is possible to backup a container, move or copy it to other disk (CD-ROM or network, for instance) and continue to access your encrypted data using BestCrypt.
355fe6fcb9db7a0509759e2ffaa8871eacb8f6a8ea1aff2460287cdc252b9ff5A Win32 networking API called NetUserModalsGet() requires no authentication, just the establishment of a NULL NetBIOS session. This API function can be used to get the system-wide password policy information (intruder lockout, the depth of the password history, minimum password length requirements, the name of the PDC, and so forth) from Windows NT and Windows 2000 machines. Because it's RPC-based, like all the net functions, it can be executed remotely (providing the relevant ports are not blocked by an intermediate router or firewall). A tool called ChkLock is available to use this function and retrieve sensitive information from remote computers.
e5142bbf12038e1ffedc5b956b2dcf8df1d3fdf0899d8c4da7e509726cbe01b5PaX is an implementation of non-executable pages for IA-32 processors (i.e. pages which user mode code can read or write, but cannot execute code in). Since the processor's native page table/directory entry format has no provision for such a feature, it is a non-trivial task. The project was designed to provide Linux with protection from buffer overflows. Making parts of the memory pages read/write access enabled, but not executable provides the protection.
faea474553fd29e84faa95776278103cf2b75309de15c8d6b107fc9b912fa570This utility was originally designed to upgrade the Microsoft Outlook PST format to version 19. One of its side effects, however, is that it can strip out the PST (Outlook) password. This can therefore be used to recover passwords you may have forgotten on your PST files.
8c304c157729e8e6c951ba86b9f18849f725504b825605170531a530c77cd6c7Gethead.pl is a simple scanner written in perl to retrieve the remote http server version.
97c4a31267be99f1635bb28f0e228ecc16229a6103041a8e77bb0956887a87a0Libtrace is a library for Linux which helps debug in circumstances where it is not possible to run gdb, such as multithreaded programs. The library provides functionality to print function backtrace information, similar to that obtained with the bt command in gdb.
7f59f3c8bb133fe2ebc0fdd5fbc43fdb2414c1477cd93b07c224dc2319914ae4SuSE Security Advisory - Several recent issues are covered in this advisory, including a gpg, bind8, pine, gs, global, tcpdump, tcsh, and the module package.
82bf75c1a50e52d7b78b11de64063c4c43581207d3fefd769ecbd34f0c751039Gnomehack v1.0.5 local buffer overflow exploit which gives a egid=60 (games) shell if gnomehack is sgid (2755), tested on Debian 2.2. The same bug also affects Nethack.
816be742420d036d0db3dc9087eb0fb8b2fcf51694ed67304fa2c176d19a55caVoyant Technologies Sonata Conferencing vulnerability report - Local and remote vulnerabilities have been found in both the Solaris and OS/2 hosts, including reused default passwords, poor file permissions, a lack of host hardening, account enumeration, and an insecure X console.
a8e729c47d2cec5776df25793904a78c510a9d33109cf09b1c50ec0743406e0eComputer Crime Law Archive Volume 3 (v1.1) - Tutorial on state computer crime laws for Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, North Carolina, North Dakota, Nebraska, and Nevada.
369ceb24931488eaecd0186e78c9c57d782e0d3554d915ddf17cdd3598ba1f9dFreeBSD Security Advisory FreeBSD-SA-00:70 - The firewall deny feature in ppp(8) is broken in recent releases, accidently accepting all packets. Thus, users who are using the deny_incoming functionality in the expectation that it provides a "deny by default" firewall which only allows through packets known to be part of an existing NAT session, are in fact allowing other types of unsolicited IP traffic into their internal network.
bf75016fdfea8f24b3b567d3785ad4b397a9101963c3f7d83f7f046f2f3ed3b3Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).
2a96784a9afb8679f7fa4e622c6a178b4036a13ca187ff0e17b65eb10371399aProbe 4.1 is a host scanner compilation for Linux, featuring nmap, snmpscan, netbios auditing tool and super-cool vh shell script.
51f22f1c5671755c21d60b142762034033196be1d958c0d72af178d101a42b15THC-Hydra is the world's first parallel login hacker. With this tool you are able to attack several services at once.
d82493f90f1d1ffec70a5b561e9a21ada59a172ad0beb2e619f29d931c7434fbThis is the OpenBSD version of OpenSSH, a suite of tools which encrypts network traffic. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
d388bc215c927137442c7865bf90030c895cd5aa3151cc3cb4653ab15a4529f3All versions of the OpenSSH ssh client prior to 2.3.0 have a vulnerability which allows malicious OpenSSH servers to turn on port forwarding even if it is disabled in the client configuration, allowing hostile servers can access your X11 display or your ssh-agent. Newest version available here.
88a6f152715ed2102ed19a929d57f787c9dc819200cd2d44c5c2953c5a65bd70Openwall.c is a local root exploit in LBNL traceroute v1.4a5 which executes the heap instead of the stack, avoiding the openwall kernel patch.
5a4eb07dd10935e561cd0362cab0d201490486943936df1793875876d5cc6377Traceroot2.c - Improved local root exploit in LBNL traceroute v1.4a5. Tested against Debian GNU/Linux 2.2 x86 and sparc, and Red Hat 6.2 x86. Advisory on this issue available here.
a06125779635863516715cdc87f58a395e2f5821e7f2c5fb7bace3311690914bFCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
1c92c871739ce9e42cfb6c838ff0171c5bf70e8c9256ed4bdd8ee54aa0f0de32Solaris Sparc 2.6 / 7 local root exploit against /usr/bin/passwd which uses the yet unpatched libc locale bug and bypasses non-executable stack protection.
9dc277fdb780142c947251ebc93a3f2d952d404ea7c6e9a9a18360bb133880c4BSDI /usr/contrib/bin/filter v2.* local buffer overflow exploit. Tested on BSDI 3.0, provides a shell with GID mail.
e534fc0c8aa82b47dead2e0e671e1935ad2cdccabd46b611e35f366b86b24a78Shadow Penguin Security Advsory #37 - WinProxy 2.0.0/2.0.1 (now known as Black Jumbo dog) contains many remotely exploitable buffer overflows. Exploit for the POP3 service included, tested on Japanese Windows98.
78e8de82cf9348d47c5825f12d48e94baa226fdb5c9e134cadcd9e5e315b39a4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed