This advisory holds 120 vulnerabilities.
00cf12d8a5a8701f90a38c209a88b00c8028def67321206fa40aca19a90f593dWinterrogate recurses directory structure obtaining the following information according to filemask: File Name, Complete Path, Directory, File Size, Creation Time, Last Access Time, Last Write Time, and MD5 Checksum. Extra information Gathered on *.DLL, *.VBX, *.DRV, *.EXE, *.OCX, *.BIN, *.SCR (IF THE DEVELOPER ADDED IT) includes CompanyName, FileDescription, FileVersion, InternalName, LegalCopyright, OriginalFilename, ProductName, ProductVersion, Comments, LegalTrademarks, PrivateBuild, and SpecialBuild. Screenshot available here.
3b9a7e4cacbe044c5ee265d57a581f3a21ddf3e6ecec7eeb81f2d648a3044963MDcrack is a brute forcer for MD5 hashes. Many programs send MD5 hashes of passwords over the wire for security, not realizing that brute forcing MD5 hashes is as simple as brute forcing our old UNIX DES password. MDcrack has been built with performance in mind, and is capable of breaking up to 6 characters in length hashes in hours, 8 character passwords can be cracked in a couple days.
f461126b4ca11233cfa062d480d4aa8188198ac11ff3d4e420a6641323aee8c2Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
8abd5796beba3864da6aa212a676ba832cbbd9b4f4efc007f66c1ee5511ca8e5Incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
768aedcb8caea25e00a5e322adc3f3a8968fbb560588626eb982da93acbe02f8ya-wipe is a tool that effectively degausses the surface of a hard disk, making it virtually impossible to retrieve the data that was stored on it. This tool is designed to make sure that sensitive data is completely erased from magnetic media.
94f177c85cbd8e996a7eab129b32564a74720b6381ff5a1714bd8a9c3004717eLOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
def749880aa0851f91a2d1ae5289ffe42f4f7e346c33a54fcd66a96323b0e456Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
4aa85c44302a118473e975127932150d17f2c847eb2c31aba75cf54ffa5bb2daStMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
909fea48bf854a5ec92e4a60a669b1c0609f13118aa49647f57b775f69d65db46thsense is a TCP port scanning technique which allows you to remain completely invisible to the scanned host, as described in a Bugtraq post by Antirez. This perl script automates the tedious process.
1d1a5d827807512fba0b4550e510f4dc9a65667e1ff2831570e59dd613bc14c2Microsoft Security Advisory MS01-024 - A core service running on all Windows 2000 domain controllers contains a memory leak which allows attackers to deplete the servers memory, causing it to become unresponsive. Microsoft FAQ on this issue available here.
05e9dba4c46fa409164cf9a157b85989118d4d70d18e0ce0d9a084717085ea49Ldistfp is an identd fingerprinting tool which works well with all Linux and most *BSD hosts that have their auth service running.
2dd2ec6444e1af21666eded3968c31522c21dd0e5e2746574e87fcb334c614dbSecurity Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
9f42096a226e9018453c0a5bb30c1a3f8e250c470442bb4685104457aed6843dGnuPG is a complete and free replacement for PGP. Because it does not use IDEA it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application. Features RSA support.
9d45053b25d709c0358338d77a1435c4452d09029ee38ab403c6eca9dac6959ePort Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
365c544d9ae596e1c514bc35180f885e5ddcb79395f450e165838bf6ce7cf3b5mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.
5dc0d226e6d80a1f18151a1269cd24b5de5791680b9ee29183e26c277bc76100HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
8afc8f239df57d7e59887fc1c7a662a5e5cd9b87c22db29ea11bae50881dc1ceLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
20bede6af359e9b2e9e2c464bd4e26ce16d488d584ffb85add31d8c501381a07iptables is the new packet alteration framework (firewall utility) for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects.
da4d93b1c3020bcef87809e69ef9c24d8fc81e1a696279e546ff84e5e8429bb0Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
657490d45dbb29f95afa92c6b49cbe813b4e5bd67985a7607b29fde1cbe3c5e8PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
6f0a48185a82dcb2427684b86bcfe4f5e1781fa871c85917659c54f764bdb740Debian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.
298107ba14642c6d63372744b8b8563c74b01a97174ddea28e973a233b9425d8Debian Security Advisory DSA-028-1 - Man has a format string vulnerability which leads to a local exploit for the man user.
7f1b284492e7f4466c1805b48d1553b0a408b290f99d672010d6fbe1e88e5746Cert Advisory CA-2001-11 - A worm which uses the sadmind overflow and the IIS unicode bug is propagating on the internet. Solaris systems compromised by this worm are being used to scan and compromise other Solaris and IIS systems. IIS systems compromised by this worm can suffer modified web content.
b7fd1b3c4d68118378d002763085fde45537233ded7492d3360c662fb0f27415kbdis.c disables the keyboard on most x86 systems. Useful for locking out root in a pinch.
d2559c85ee2c388d2f54bb79b4cf3e6bd5941488ee9e21421191f8c9b35e5618
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed