NetBSD Security Advisory 2002-001 - A vulnerability found in the ptrace implementation on NetBSD 1.5.* , 1.4.* and CURRENT (prior to January 14, 2002) systems can result in race conditions where it is possible to use ptrace and SUID binaries to execute code with elevated privileges.
e2ceb90aa470a1126631cd2c2ce223394cc423f2b65930b3f1227dd7029eb3b2
ICMP Shell is a program written in C for the UNIX environment that allows an administrator to access their computer remotely via ICMP. More info available here.
f7bc22221aa7d982e7e69a1f1ba7bb267744d00b83ca1902191cba9950fb70ac
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD. Tested on Linux 2.0.x, 2.2.x and 2.4.x (any distribution), FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9 and 3.0, Solaris 2.5.1, 2.6 and 8.0.
245625e58aa65c130869fc32a8e8c06888ee940e89fad501cb0ae03bfd778566
Mailstation.pl exploits a DoS condition in the Intel eMail station.
f501f204ec204100cb68bc75ae260cad7caa05999ea63ac831eb65e0e1d8e4bf
Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option.
59327ddb76c91e3de271d2d39d73f05e157642374a506dd212cb01e7026276c7
FreeBSD Security Advisory FreeBSD-SA-02:07 - The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, and the su command included in the heimdal port, versions prior to heimdal-0.4e_2, use the getlogin system call in order to determine whether the currently logged-in user is 'root'. In some circumstances, it is possible for a non-privileged process to have 'root' as the login name returned by getlogin. You don't actually want that to happen, trust us.
53875598a31417450b640a6ead62cd1ba3c1efd31d8d7e05c0c072b13bc5bca6
Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.
68cf6e7dc2b3afc0aa47e66d705351d8b032f2fac0afda3d0b705506d8468181
The Avirt telnet proxy v4.2 and below has a remotely exploitable buffer overflow. Tested on Win2k. Strumpf Noir Society
b95135944e65dc824cd0d38a5ed558adbd0ce830e4673f4169c91b2793ff41bd
Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data. It is able to embed data in BMP, WAV, and AU files.
ff9bc688ec3eb84593723ea25071447f207bcfaa94f53a248ca0096d9e2cc5a5
Unichk is a tool for Linux which checks for 224 Unicode vulnerabilities in Microsoft IIS.
45a6db642a8a66e95d9334c8d29873ecda259a67fbb203d5302c66e083806f7e