Patch advisory for Sun Microsystems. Please read for details.
7b81d7b40500ef7fc1b31b126879e07d10216118ce7b0486b1fc89745f9819b1
Solaris 8 libsldap local root exploit. Tested on an Ultra10 and an Enterprise 3500 with success.
703e2effcab17ca46f0f0820fae8e927c45ac8cfb996d67be8fc666421a7a8f2
ISS X-Force has discovered buffer overflow vulnerabilities in two popular Remote Authentication Dial-In User Server (RADIUS) implementations. RADIUS was originally designed to manage user authentication into dial-up terminal servers and similar devices. It has since been used as a standard for access control and user authentication for numerous Internet infrastructure devices, including routers, switches, and 802.11 Wireless Access Points.
d5d80e70fd98ab61af0a31f821187d5887d6b3bb8563e79b3a40554e82a4ba19
Microsoft Security Advisory MS01-037 - The Windows 2000 SMTP service, which is installed by default, allows unauthorized users to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service and perform mail relaying via the server. Microsoft FAQ on this issue available here.
7d3ed4b66cfeab0d4a76065bf994f2e1498f2676ac11b99f097bc2f915034245
Georgi Guninski security advisory #48, 2001 - There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers into other processes. Includes vvfreebsd.c, a local root exploit.
7713d19bc24aa7a9762066afdba62b29c53aa85272d88cc6bfb733c93872c401
Georgi Guninski security advisory #47, 2001 - OpenBSD 2.8 and 2.9 have a race condition in the kernel which leads to local root compromise. By forking a few processes it is possible to attach to a +s pid with ptrace. Includes vvopenbsd.c, a local root exploit.
4688ad1afc259ebe9475d2938db6a97bb4b7bba11539103d8d09c14ea9d0232d
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes to the system call table. Detects most modern LKMs, including KIS.
33b2a82b72ad4b69da6a97ec42e2075330adf82b34899f654194adb5c628dd98
Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here.
7c5e9b0f582f8b9f8069d43e9559a992dd4b582e20d60a2d78d0443ffbdce520
Cayman routers allow remote access by using } as the username.
a17e1c26d5bd70627c96f7b43f1922e3ad836ea6c06226251e575bf5202ffa13
Cisco Security Advisory - Vulnerabilities in Cisco SN 5420 Storage Routers. Two vulnerabilities have been discovered in Cisco SN 5420 Storage Router software releases up to and including 1.1(3). One of the vulnerabilities can cause a Denial-of-Service attack. The other allows unrestricted low-level access to the SN 5420. The vulnerabilities are exploited via TCP ports 514 and 8023.
1afc76ae5c67cd4b32febcfd4b2c0a11ec83ff017303afaec985ba49773f15b2
Cfingerd v1.4.3 and below Linux/x86 local root buffer overflow exploit.
5e415ed8282123a93e68f4a857a9f0ce4671a2b5267122c13f0a903a573d4994
IBM db2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789).
6c5296f9d72c17968922f22da1b6375455027b8746c894c2b6b6df7b0c2ccf53
Cfingerd v1.4.3 and below local root buffer overflow exploit in perl. Exploits <a href="http://www.securityfocus.com/archive/1/192844">this</a> vulnerability.
7b79ae13d85cacf1b8ce314ae39684e5ad6ef29d9488a23ca3c28dde72ba702f
McAfee's MyCIO directory traversal vulnerability - Any machine running McAfee Agent ASaP VirusScan software is vulnerable to a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology", which facilitates the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a lightweight HTTP server that listens on TCP port 6515. Exploit URL included.
1345f062edc025c7dde3a594f427338427b307283d4fb5cae989577e8ec98887
Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger.
071f4a1a2ce57b1bfa0e3867ce11912d46f52d364d1efbfd8b9ae3b75029765b
keyanalyze is a program which analyzes keyrings in the OpenPGP format (PGP and GnuPG), looking at properties of connectivity to generate strongly-connected set analysis, as well as some arbitrary statistics including a "mean shortest distance" calculation to show the most connected keys.
4a30e3807cfb7931365b887feeaa68c234db239f0730ba074cb477c2c9cda851
qDefense Advisory QDAV-2001-7-1 - Multiple CGI Flat File database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters.
3adbc5bc17ca8d7fbb204c38878615f26bac047bfa7c0f36cb2770033770699f
Tcpip_lib V3.2 is a library for Windows 2000 which allows constructing custom packets, IP spoofing, attacks, and more. It uses sockets 2 and opens up a raw socket, allowing you to send raw IP headers, do IP spoofing, and play with the nuts and bolts of networking protocols.
d1dd00080f296ca1975e03f5d57ada157ca8c4722ecc6b6c856d2b784baac8f9
InaddyScanner is a port scanner that uses pthreads, and can scan 500 ports in 10 seconds over a good connection (112 kbps). Using the MIT-pthreads library and GTK, it includes a friendly interface with advanced options for scanning.
3044e978b06f68cd972cd6879166d21290e83e9f74eac29245504e8771b2f4ba
Knight.c - Knight is a distributed denial of service client that is very lightweight and very powerful. It goes on IRC and joins a channel, then accepts commands via IRC (to avoid being caught). Its features include an automatic updater via http or ftp, a checksum generator, a syn flooder, a tcp flooder, a udp flooder, slice2, spoofing to subnets, and more. This program has been used to create DDoS nets of over 1000 clients.
21ad07db066936bcec2b7118ae378bf626ab22dd9dc92cc85a6f1b74dca8339e
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes to the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
a0d290b17442053787c6652f23397b32b04e3066b225c9bafc040f367dd857d5
InaddyScanner is a port scanner that uses pthreads, and can scan 500 ports in 10 seconds over a good connection (112 kbps). Using the MIT-pthreads library and GTK, it includes a friendly interface with advanced options for scanning.
c870983583afa8034f6debaa6a2612d8e13e5c4706740d64880006cee9264176
Logs2Intrusions v1.0 parses IIS or Apache web server logfiles, then creates a report of possible intrusions.
3f40f66b2115df1396b1b9a360d57330fab28da0db21fcf67fe7e9a5375dd39d
IRPAS is a suite of routing protocol attack tools which sends custom routing protocol packets from the Unix command line. It is very useful for searching for new routing protocol vulnerabilities. Included is a tool for sending Cisco Discovery Protocol (CDP) messages, one for injecting IGRP routes, and a scanner for IGRP autonomous systems. Documentation available here.
137b8a73f18383a037c5e6af51cfe6d29c72f38628bd5ce38f1864cf91a8e559
Stealth HTTP Security Scanner 1.0 build 29 - Checks for 5677 CGI vulnerabilities. Runs on Win32, and on Linux under Wine. Free.
dfd5a362ab45ee605e5c6e601ae5eba7ed6f320e00d9ca8c260e2a5fa4e44f92