Showing 26 - 50 of 248

Files Date: 2000-12-01 to 2000-12-31

ICMP_Scanning_v2.5.pdf
Posted Dec 23, 2000
Authored by Ofir Arkin | Site sys-security.com

ICMP Usage in Scanning v2.5 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although ICMP may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

Changes: This version introduces a few new OS fingerprinting methods, some of which use ICMP error messages, allowing a remote OS fingerprint even if all the ports are closed. A lot of information on ICMP error messages has been added, along with some Snort rules.
tags | paper, protocol
SHA-256 | f24d4c556d3ee9ffcb8171a788a947a60fbd2ff30a032eb88fe0fcf710c8c75f
guarddog-0.9.5.tar.gz
Posted Dec 23, 2000
Authored by Simon Edwards | Site simonzone.com

GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy-to-use, goal-oriented GUI and the ability to generate ipchains scripts as output.

Changes: Generated firewalls now set up the kernel networking protection, and are now tighter, only opening the local port range instead of all non-privileged ports where appropriate. New options to always reject auth requests are also included, which can speed up POP connections.
tags | tool, shell, tcp, firewall
systems | linux
SHA-256 | 8701a7ca5b96c11874a45e291812c522aec538aa70a3641da2619abb8d168c5b
saint-3.1.2.tar.gz
Posted Dec 22, 2000
Authored by Sam Kline | Site wwdsi.com

SAINT (Security Administrator's Integrated Network Tool) is an updated version of SATAN, designed to assess the remote security of computer networks. Features include scanning through a firewall, frequently updated security checks, 4 levels of vulnerability severity, and a feature-rich HTML interface.

Changes: Checks for the OpenBSD/NetBSD ftpd buffer overflow, updated Kerberos tutorials to address vulnerabilities in the KTH version, and bug fixes.
tags | tool, remote, scanner
systems | unix
SHA-256 | acfb8dc42f242b154922991a4c583d3ce494aa79fcf0ee43a2e647bf2ddfec86
bindview.naptha.txt
Posted Dec 22, 2000
Site razor.bindview.com

The NAPTHA DoS vulnerabilities (Revised Edition - Dec 18) - The NAPTHA vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection.

tags | exploit, tcp, vulnerability
SHA-256 | c292602620f5df846e547c83d8ca52048ace27d17ccb5b270d8f412c29746e7c
openbsd.ftpd
Posted Dec 22, 2000
Site openbsd.org

OpenBSD Security Advisory - A one byte buffer overflow bug in ftpd(8) allows remote attackers to execute arbitrary code as root provided they can create a directory.

tags | remote, overflow, arbitrary, root
systems | openbsd
SHA-256 | 0dbdf75b4723fe8bfe9ab6d31f303c851e38ba61ac63eb3664deef47a6b5ed86
sonata-teleconf-2.txt
Posted Dec 22, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root.

tags | exploit, root
systems | solaris
SHA-256 | 66e1e97f64c7220d0c49571196c3c0b688f31aa0b1d4177776bcaca25289e18f
omnihttpdex.c
Posted Dec 22, 2000
Authored by Kilrid | Site Hack-X.org

Omni httpd v2.07 and below remote denial of service exploit. Combines a shell script from sirius from buffer0vefl0w security with a Bugtraq report from Valentin Perelogin.

tags | exploit, remote, denial of service, shell
SHA-256 | 4d3154c89c3ecd6fc2094b5e325fa6c37806583f8e2045d1e514e145f3c09e7b
rhsa.2000-128-02.slocate
Posted Dec 22, 2000
Site redhat.com

Red Hat Security Advisory - New slocate packages are available for Red Hat Linux 6.x and Red Hat Linux 7. These fix a heap overflow in the database parsing code of slocate that allows group slocate access to be gained.

tags | overflow
systems | linux, redhat
SHA-256 | 9ef88c164fb6814d053efbaecb132a8bed3a64a0558c53ee57f3796cba96c540
defcom.bea-weblogic.txt
Posted Dec 22, 2000
Authored by Defcom Labs | Site defcom.com

Defcom Labs Advisory def-2000-04 - BEA WebLogic Server for Windows NT prior to V5.1.0 (sp7) has a remotely exploitable buffer overflow in the handling of URLs which start with two dots. Arbitrary code can be executed as LocalSystem. A fix is available.

tags | overflow, arbitrary
systems | windows
SHA-256 | 1c0de5ec329656e24655156e39a44ee2e64f733317110e581319f00cbc00b4ba
defcom.mdaemon.txt
Posted Dec 22, 2000
Authored by Defcom Labs | Site defcom.com

Defcom Labs Advisory def-2000-03 - MDaemon 3.5.0 for Windows NT and 2000 contains a remote denial of service vulnerability due to some problems handling buffers within the IMAP and webconfig services.

tags | remote, denial of service, imap
systems | windows
SHA-256 | 7b99f2952cca90165759bc8794ad6cf6d5f6f1cd26cb446ccebb1b66b11b240e
rhsa.2000-130-05.rp-pppoe
Posted Dec 22, 2000
Site redhat.com

Red Hat Security Advisory - Bad TCP packets (e.g. a SYN packet with kind=3, len=0) over a PPP-over-Ethernet link could lock up rp-pppoe, making it vulnerable to a remote denial of service attack.

tags | remote, denial of service, tcp
systems | linux, redhat
SHA-256 | 4f1fe9966d6cf70c97c2b8b494b85e06c41e213cd709a98b257807d891031a5e
gnupg-1.0.4.security-patch1.diff
Posted Dec 22, 2000
Site gnupg.org

Patch for GnuPG v1.0.4 to fix the signature verification vulnerability which can easily lead to false positives.

tags | patch
systems | unix
SHA-256 | 81673aa4b233497ea537475462b2a2d09fdd7a1b1b86e3fd833f5e1c7b3b3ba7
rhsa.2000-131-02.gnupg
Posted Dec 22, 2000
Site redhat.com

Red Hat Security Advisory - When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupted. Additionally, when used to check detached signatures, if the data file being checked contained clearsigned data, GnuPG would not warn the user if the detached signature was incorrect. Updated GnuPG packages are available for Red Hat 6.x and 7.x.

tags | web
systems | linux, redhat
SHA-256 | a3d7a469d62f08607589d4d684c30cde65da46296d86d4bf17374486f4d6ffb7
netbsd.2000-018.ftpd
Posted Dec 22, 2000

NetBSD Security Advisory 2000-017 - A one-byte remote buffer overrun has been found in the ftp daemon which is believed to allow remote attackers to gain root access. A bad bounds check was found in the replydirname() function.

tags | remote, overflow, root
systems | netbsd
SHA-256 | e0ab5c31958bafa483ecd3f408d2edbd579e570fd1a7c4b75e395e24680f2190
netbsd.2000-017.libkrb
Posted Dec 22, 2000

NetBSD Security Advisory 2000-017 - Kerberised telnetd and libkrb contain exploitable local root bugs. There were two problems - first, telnetd allowed the user to provide arbitrary environment variables, including several that cause programs to behave differently. There was also a possible buffer overflow in the Kerberos v4 library.

tags | overflow, arbitrary, local, root
systems | netbsd
SHA-256 | e2ca278f746dd9a252a1141d30648c61f4059f12835a666a65c72466f7ff53b7
rhsa.2000-137-04.stunnel
Posted Dec 22, 2000
Site redhat.com

Red Hat Security Advisory - When invoked in daemon mode (that is, without the -l or -f flags), stunnel will attempt to log its process ID to a file in the /var/stunnel directory, which does not exist. This erratum changes the default directory used for PID files to /var/run.

systems | linux, redhat
SHA-256 | 0a182e09569679f9691a22b66cc4510f387b1bc75c377fbebc37fdc213c6d47f
ksh.temp-hole.txt
Posted Dec 22, 2000
Authored by Paul Szabo

The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included.

tags | exploit, shell
SHA-256 | 46bf095b3af47f5a39cd2ce0d8c077e482095e3d43d2cc6b15980c73f2114313
interchange.txt
Posted Dec 22, 2000
Authored by SNS Research

Infinite InterChange is a Win95/98/NT/2k mail server which has a remote denial of service vulnerability where it can be caused to crash via a malformed POST request. This has been fixed in Infinite InterChange v3.61.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 559ea8e4a462900c2ff37f454cf8826455a86a72a81384b69ee480184c46eb97
ftpd.c
Posted Dec 21, 2000
Authored by Malicious Code | Site teamvirus.net

OpenBSD ftpd unofficial patch - The patch released to remedy the problem with the 1 byte overflow was junk; to remedy this, I recoded the original ftpd.c file with the fix. This takes the bite out of fixing this problem. Replace the original ftpd.c with this and recompile.

tags | overflow, patch
systems | unix, openbsd
SHA-256 | f19e7b22d424c83f3307f0c01b0a5fb8088df00d3f3e6247a3a9fa902f059d43
ms00-098
Posted Dec 21, 2000

Microsoft Security Bulletin (MS00-098) - Microsoft has released a patch that eliminates a security vulnerability in Windows 2000 which allows malicious web site operators to learn the names and properties of files and folders on the machine of a visiting user. An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. A Microsoft FAQ on this issue is available.

tags | web, activex
systems | windows
SHA-256 | dea039b3a54461433703185993d68742ed9c4f44655892b6dc44d7ef1927f45b
elza-1.4.7-beta.zip
Posted Dec 21, 2000
Authored by Philip Stoev | Site phiphi.hypermart.net

The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning.

Changes: Beta release - Includes some new features.
tags | remote, web, cgi
SHA-256 | 368dd7c59b8d936b9255f164b4c02a0d05b0c90083e4be01c3d66ae90fdd80dc
Achilles-0-16-b.zip
Posted Dec 21, 2000
Site digizen-security.com

Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. When in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.

tags | web
SHA-256 | 8d37fae5ec3403f353e17f27ec4f0ec69532b5c9cee582430c45452c1abbe21d
ms00-099
Posted Dec 21, 2000

Microsoft Security Bulletin (MS00-099) - Microsoft has released a patch that eliminates a security vulnerability affecting Windows 2000 domain controllers. If the Configure Your Server tool was used when the machine was originally promoted to domain controller, the Directory Service Restore Mode password would be left blank, allowing malicious users to log onto the machine in Directory Service Restore Mode. Once logged on, the malicious user could alter system components or install bogus ones that would execute when a bona fide administrator subsequently logged onto the machine. A Microsoft FAQ on this issue is available.

systems | windows
SHA-256 | 097a2291b5054d4ff9e849dfa437e881e60c5ee292001b490388bc935ad40744
FreeBSD Security Advisory 2000.81
Posted Dec 21, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typically the root user. These vulnerabilities are identical to those described in advisory 00:61 relating to tcpdump.

tags | remote, overflow, arbitrary, local, root, vulnerability
systems | freebsd
SHA-256 | 828d9cfad5c76c7fc333df6b49ded0d2f3b1ea88ab3e81fd1bddf8577f739383
FreeBSD Security Advisory 2000.80
Posted Dec 21, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities which allow remote users to execute arbitrary code as the user running halflifeserver.

tags | remote, overflow, arbitrary, local, vulnerability
systems | freebsd
SHA-256 | 27876be2ead88fd843b314f7f73a541d4c1743b24d63ebd0aa8adc22052508b3
Page 2 of 10
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close