STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0.
c751c9ecd87655ab1f2703c193c5080ea84909a0b48d28666ce7f32edbf5b25eWeekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the News the past week. In this issue: Laptop encryption and international travel, and much more.
942f2773e759562a9809329ed469a6366c25804fdcdd69b1e47abad7a1f95e7echkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
afe99cb3dadecbc1cdf1ac56fab17283b5c7eca9640f4798fd3ff404e05b2234Debian Security Advisory - There is a problem in the way gpg checks detached signatures which can lead to false positives. Also it was discovered that gpg would import secret keys from key-servers, circumventing the web of trust. GnuPG homepage here.
5d14e9537651bbc63698a8574da5f9f191cba27896ffb7f45b4cb6d6b2e12a34HEH! Magazine Issue #5 (In Spanish). In this issue: Free Calling in Argentina, Accessing Milicom Modems (Breeze Com), Wireless info, 6 year old cryptography, Semipublic Telephones, Disturbing a StarTac, Hacking Cuspide, and more.
09a68469031fafff5f58e2c56104afae70a992a4fd50ad3b12999524f1d27b3bUSSR Advisory #58 - The 1st Up Mail Server v4.1 contains a buffer overflow in a long "mail from:" tag which can result in denial of service. Fix available here.
b3f2abaf7829914bb59b16a6596355c2829b25a197a106b1184540398916f867SpoofW.c "spoofs" messages from any user on the system (can only be used as root, or as normal user on very old systems). Re-written by Root-Dude
4a5e56e60655e168369f38dd84cc5052a91abd3ee503bc5cc47330ac24ff1cbaummmm.c v2.1 is a URL obfuscation tool which converts something like /cgi-bin/some.cgi into %2f%63%67%69%2d%62%69%6e%2f%73%6f%6d%65%2e%63%67%69. It might be used in cgi scanners which require an input file with cgi requests.
4968493ed605717ad8e51ff70428152b2255e6ab112c2e87c121f76b07e16000Linux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware.
58e72092adb49d8ae668a492bed2721cde6ad0ab1e236ba3ab3787b8b6b8d6f7Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
0ecc3ce0c713984c4cdf1db4c321409f8baf498b7b0a65ea41e020ceae5ffc20SendIP is a commandline tool to send arbitrary IP packets. It has a large number of command line options to specify the content of every header of a TCP, UDP, ICMP, or raw IP packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.
df7b3b785636cc2fcc8afa9ed8fd6ddd539d1d9d8fe70b19f05b1bcce15cb579Pdump is a sniffer written in perl which dumps, greps, monitors, creates, and modifies traffic on a network. It combines features from tcpdump, tcpkill, ngrep, tcptrace, dsniff (and its webspy and urlsnarf), pfilt, macof, and xpy. It is able to do passive operating system detection/fingerprinting and can also watch packet streams and then create it's own spoofed packets to hijack or kill TCP connections. It understands tcpdump-like and perl-like syntax and allows easy modifications via a plug-in system. The packet display is easily configurable. Man page available here.
a602c264c5aba0ba348610e2d470ce586566221a19fe2d173b61eadbc8f1bd10TWWWscan is a Windows based www vulnerability scanner which looks for 300 www/cgi vulnerabilities . Displays http header, server info, and tries for accurate results. Now features anti-IDS url encoding and passive mode scan. Tested on win95 osr2 win98,win98se,win nt4,win 2k/Me.
5e15fd47f1786fc1a908327948692eaab205e433c67dc4cd85910dc488b08cdaDebian Security Advisory - Stunnel has a format string vulnerability, random number problems, symlink vulnerabilities, and insecure syslog() calls. These are fixed in v3.10.
7c5528d13465844144c14d93e5020787edccc35ed0557d62e4572c41da757e91Debian Security Advisory - Dialog creates lock files insecurely, making it susceptible to a symlink attack.
0e1a4dfce47304b778ad0b42e62db3dd738036c36bdf2773a246d1ef9a82e135Authforce is a brute force www password strength testing tool.
473d8ca1770505766cd74d14d1b0cfcc20fce3f66fa70320799f6c2f156fb5f4OpenBSD v2.6 and 2.7 ftpd remote root exploit.
3bce3b748cccc4e919388bcb98fab8e0032f8b36b13107f0b8d2af7e7591fff5How to exploit format string vulnerabilities - In Spanish.
d30ae54998bb2cc00f334b5bae58862608dc3f8d9da7dce9df01a7975c7a1cc0SuSE identd remote denial of service attack - Uses a long sting to set a pointer to NULL.
5428c66fd108f4593af53e80bdb814ea4c560c05eda8deea3e7caaa7e617830eSuSE Security Announcement - openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project. Many vulnerabilities have been found in the openssh package: An openssh client (the ssh program) can accept X11- or ssh-agent forwarding requests even though these forwarding capabilities have not been requested by the client side after successful authentication. Using these weaknesses, an attacker could gain access to the authentication agent which may hold multiple user-owned authentication identities, or to the X-server on the client side as if requested by the user.
6bc86fe768520b6d4748e5ce57dc320bc8e2cc6fab198eb115172bff82ff249dThis paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.
f56cd653e16527b61bea075fcdd9e9bd1e145226aa80c22f2f48ba8f4bdd083aNSFOCUS Security Advisory (SA2000-07) - A serious flaw in Microsoft IIS 4.0 and 5.0 when handling CGI filenames allows any file on the system to be read and remote command execution, as described in here.
85c25f2dd295eef761bb7ed7766d70fbcfc7d6ba678f8b8cf47e98b2f9c639b7Pluto.c is a SOCK_RAW flooder which attempts to hide from conseal and ipchains.
8d9cd489065a7c20ca2164005dc5e8894dd2f18730f6eaf773403c9e662103eaSolaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept.
9a29d9929df3618598e1b73b8901c5d5026303418322bac348f2cc5417e8cef6Microsoft Security Bulletin (MS00-100) - Microsoft has released a patch that eliminates the "Malformed Web Form Submission" security vulnerability in a component that ships as part of Microsoft Internet Information Server. The FrontPage Server Extensions (FPSE) which ship with and are installed by default as part of IIS 4.0 and 5.0 have a vulnerability which crashes IIS when a malformed form submission is sent. Microsoft FAQ on this issue available here.
0570cc66d8a2848c8d874674c177c4fefa1b9043c8e990e815130176ea89c8ad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed