Qflood.c fills up a Quake server with spoofed "unconnected" clients, preventing other players from connecting because the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player.
95dc326a06fe3c681ddfaa0640318f142424dde88304e2016971c379de4e6763
Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man.
0fb25cf68a4fba71eceef2ca23db4efbe592af7e1416b2d13051e5e4b6990a46
CERT Advisory CA-2001-18 - Several implementations of the Lightweight Directory Access Protocol (LDAP) contain vulnerabilities that may allow denial-of-service attacks and unauthorized privileged access. Vulnerable services include the iPlanet directory server, IBM SecureWay running under Solaris and Windows 2000, Lotus Domino R5 Servers, Teamware Office for Windows NT and Solaris, Qualcomm Eudora WorldMail for Windows NT, Microsoft Exchange 5.5 LDAP Service, Network Associates PGP Keyserver 7.0 prior to Hotfix 2, Oracle 8i Enterprise Edition, and OpenLDAP 1.x prior to 1.2.12 and 2.x prior to 2.0.8.
9e19cd7d66a55eef48a071019853306af25f3e45626db8738dc134913870e60f
Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default.
7fc636ec99a7121c1576f6a3baa4cfa2f6d10bc5a5797fccdad14335a04ae46a
Xxman.sh is a local root exploit for an insecure system call in xman.
dd25b5e529ce5af581d7a7a71daf938f6d23f44ce00583eff27d6eb652b11730
syslog-ng is a multi-platform syslogd replacement with lots of new functionality. The original syslogd only allows messages to be sorted based on priority/facility pair; syslog-ng adds the ability to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
d4d3bc043ac32bae2d82f2b91830abca12aba7bff2bdf1379d396f5a0d4608d7
LOMAC is a dynamically-loadable security module for Free UNIX kernels that uses Low Water-Mark Mandatory Access Control (MAC) to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system. Whitepapers available
a364baae205e84f39f6e346400744e8ab469805a48bbf940fbc54d1e10a2bfb7
ferm v1.0pl8 compiles ready-to-go firewall rules from a structured rule-setup. These rules will be executed by the preferred kernel interface, such as ipchains and iptables. ferm will also aid in modularizing firewalls, because it makes it possible to split up the firewall into several different files, which can be loaded at will, so you can dynamically adjust your rules.
8a08d855f3fe640fc7f344ba40c79e07a3272920ee837f1d352e1b2ba6719495
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
f96e51ccf13e9b13fb80a837de32b9f016e62aabed02338d3964c5886d9ae554
nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. nPULSE is written in Perl, uses nmap as its core scanning engine, and comes with its own mini web server for extra security.
800439f4306056aba2feb40201190d05bf8f793ad9ba37f19bebb3960641f06d
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
6e4d7e447da11663c0fcc3a2d11473a11cf10c1749296834f5f4397a88f6e5df
Log_analysis is a log file analyzer which extracts relevant data for any of the recognized log messages and produces a summary that is much easier to read and can be easily configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD.
35732b17e1e80a93fb35ca0eae6650428094b21c32c6df4e2dc6d312d3bc5a54
Aldebaran is an advanced libpcap-based TCP, UDP, and ARP network sniffer which gives the user only the payload from captured data and basic info about addresses and ports (nothing about flags, etc.). This is useful for monitoring data sent by connections and sniffing passwords. It supports filtering packets not only with simple port/address libpcap rules but also by payload contents, and can send captured data to another host via UDP. It can also encrypt data written to a dump file, analyze interface traffic, and present statistics (packet count, sizes, average speed, etc.) in HTML or a plain text file.
5b29ff9b1edfb18e2c818dd568e38feeff1400484416ae12ab48a949c22889cf
PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations. All modes support real time alerting and blocking.
eb06f3c328614365a9fe61b8878acb76cbf364cb695dda37536a3b0e07a13f1f
Knocker is a simple and easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services which are running on them. Knocker is available for Linux and Unix platforms. Both a console version and a GTK+ version are available.
0296ad8f3be20dff4b9a2073b693525011e9861389d84b7b034f002d1d31d8f6
Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
ec3ec8bfbea836ad88ed5eff25584909c80fd96f7650b1069e57c67f70eb37f1
IPA is highly configurable IP accounting software for Free and Open BSD. It performs IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases the IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and, based on its configuration, removes the need to write scripts to manage network accounting.
98051e8428eedcfe98dec4829f5a65b4d57889ffefb7b27fefc6d33c226577b7
Darkstat is an ntop-workalike network statistics gatherer. Built to be faster and smaller than ntop, it uses libpcap to capture network traffic and serves up Web page reports of statistics such as data transferred by host, port, and protocol. It also has a neat bandwidth usage graph.
c59dc3675e7f761e7150d374776e72156cacf59550ff304c60518a1e1be20918
Current versions of xdm are vulnerable to a trivial brute-force attack if compiled with bad options, mainly HasXdmXauth. Without this option, the cookie is generated from gettimeofday(2). If you know the starting time of the xdm login session, computing the cookie takes just a few seconds.
0231e769ce0cf64ff3d44ec208793b0c73a09fcdaf72f77222399557a47d9b35
Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included.
0f02809f7d12dc60415cd1b19bbc6cce5a88d1a6a9c0de0f91484303085ba0d6
Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60.
976064b2ea77c1c8c443af7bd3a6b22094d124f55fdf673bb26f5205d6e334a3
lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file.
ff21e217a7ee6a988dfe12d26ee5f7bdafde7ca74bec3f4eee9cbaa42d1ea328
Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well.
1affd95a288c842d09addf3da78a30cb53346dabcd3917f23ac63d00b2e272cf
Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86.
75132e64c0b577687b4b50af180faba96a00dcb5b64fa8ba8042f7cbbbd10957
Patch advisory for Sun Microsystems. Please read for details.
2172ccc04a06332325edb363539576d955980a9dbc6b5c4161ff4a0aaa6deebf