chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
e29c1a0b2dde2068163c77b587c8fbe517fc5f4cedec74a896122def2ccd37ddHP Openview NNM6.1 and earlier running on unix contains a remote vulnerability in the suid bin executable overactiond. Any program can be started remotely by sending a SNMP trap to the server. Exploit details included.
8bae1494554d275412868e489713e831885ff1d72e8a63633bb2f8680fe0525aRazor / Bindview Advisory - There is a buffer size checking related fault condition in Microsoft Windows 2000 telnet server. This vulnerability is present only if telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. Perl exploit included.
be12ffcb3f00a8aa6f4162cd3e7951feb76a5d093a8d28f0c9847b0b212e51c2Microsoft Security Advisory MS01-031 - This bulletin discusses seven new vulnerabilities affecting the Windows 2000 Telnet service. The vulnerabilities fall into three broad categories: privilege elevation, denial of service and information disclosure. Two of the vulnerabilities allow privilege elevation and four are denial of service attacks. Microsoft FAQ on this issue available here.
275cc644551b34ab079ae421747cbb602e4ba75e134167b2c0b19294f3a910b9Cue.sh exploits an old hp/ux local root vulnerability which remains unpatched on most systems. Tested on HP.UX 10.20 v899. /usr/bin/cue exists on 800 models.
472483aecd2a7b9ae3663034d47e3348ad1cb85b56301582f36fd92c0f77c432Passlogd is a sniffer which logs traffic on the UDP syslog port, allowing a syslog receiver to have no open ports.
bd223eaa2a280c832a8a9653dcada9835927ce76ed2c20445966f6d461247f0dPasslogd is a sniffer which logs traffic on the UDP syslog port, allowing a syslog receiver to have no open ports.
6d632883aa1d1f497d54b461d54b3df491cd475e77a00342548fb282b0ab3b0cFirestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
3148ae3a478e12d7be6f62059295349c4d7dbc4ef15fec0ee23d0ee0f2f9ae03Microsoft Security Advisory MS01-030 - Exchange 2000's web access (OWA) has a vulnerability which allows an attacker to send script code to users which can take action against the user's mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders. Microsoft FAQ on this issue available here.
f7f48318c3d4e4c6d067c2811d272a2e95f9a678915af7f158259f9cd09892f8Su-wrapper v1.1.1 local root exploit for Linux/x86.
942b946e556a127ab3738e8046bb6401be1e111a46efe383d2ad6b46481182a5MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
bd773bec00af0e7d8bcc99ef91ef50f897b8e537c10e4aebd81edb326fa08f81Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
7ff8fe36aecdf1e150ddcc52d1f62484699ce6c98385bcac198ec02989597243Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.
6403f30d63d52ebe9059a93dc0026c8a421ce628f683d01d048bc6b584945fb2RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.
ae4b689feaf93c5e1e1b4e43c24cf1ad1d1274a002df6d49a1c9837817fafd10Tiatunnel.c is a Linux/x86 remote exploit for TIAtunnel-0.9alpha2, an IRC bouncer. Tested on RedHat 6.2 with TIAtunnel-0.9alpha2 from tar.gz. Binds a shell to port 30464.
77aa0c85e58b973ca86ca00a5c8eaabd32591cdc8a7e911c09f1ffb2fbc8c95aVudo.c is a Sudo-1.6.3p5 and below local root exploit. Tested on Red Hat 6.2 with sudo-1.6.1-1.
5feeadaf61cb4fda4301b7053a857303db23d94fcdd06171b02cd101ee366e61The QVT/NET 4.3 FTP Server and the Shambala FTP Server for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included.
40f5fee603c5fb9de026a015b88a134d7d3e0fdf79a92fe4ca6eb6a136c06883Stealth Syscall Redirection - This article describes a technique of redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that use the sys call table to register redirected or trojaned system calls. The basic premise behind this attack is to modify the old system call code to jump to the new system call, thus control is transferred to the replacement system call and the sys call table is left untouched.
b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.
3a46b99429e5f1bbbff87fa24b0ed3404e912a0cc93c119499d0f899367e02a6ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
75cc3f1aca7052c3ce41ac23e57dd34c03d0762e2b433480c810bfd580de6b74Georgi Guninski security advisory #46, 2001 - There is a buffer overflow in SunOS 5.8 x86 with $HOME and /usr/bin/mail leading to egid=mail. Includes exploit.
e879b1c4adebb7537847ceb4679cff3cda7379230d9c135006e688aecdd1a01ePacket Storm new exploits for May, 2001.
f57f3b5f09f5712f1bd0ed4dd43383a800ec94fcc48e9e6646e82555f0ff4323nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
010142ce00991528e4574140d8f28405e7b861e6f089ed82898daee29a17273dThe Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. LIDS FAQ available here.
0eb9c8337d0ebff278320b37447da70b318ca4e6736a28aa3be2e2df4fdb8d00Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
f70118b80638e150eb79b426f90b366b3cf8a6ef15a2b8d1d4ac1a9e87a63e47
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed