NGSSoftware Security Advisory NISR29012003 - There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service. This vulnerability, which especially affects Windows Domain Controllers, has been fixed by Microsoft and patch information can be found in Microsoft security advisory MS03-001.
a2a3c79f201bcc9cccb987fb64883826f91e927d2436724e71aa37f834e00fdbiDEFENSE Security Advisory 01.28.03 - It has been found that several SSH clients leave authentication data unprotected in the system memory while connecting to a remote host using the SSH2 protocol. Anyone with read access to the system memory can retrieve and abuse this information.
f96e214d26eae0377c74c3630c49679d41e66ba1f20315afe47ab9a17bed5cd3Carl Livitt security advisory CLIVITT-2003-2 - A format string vulnerability has been found in the plpnfsd daemon that comes with versions of the plptools package prior to 0.7. This issue can allow code execution with elevated privileges and has been fixed in newer versions of plptools. This advisory contains exploit code that may be used against affected SuSE Linux systems.
f829611591f0d2e1fe21f665a3734db57a1c622bdeb93d60a441b30612987c9eThis paper discusses using Snort as an anomaly based IDS, outlining the utilization of different deployments with listings of advantages and disadvantages.
1171033dcfc7108e8e90b455900a1f538124fe88cfd850787e7c034355d0e4eaThe utility slocate has a local buffer overflow vulnerability when the -r and -c switches are used. Due to this utility being setgid slocate on many default installs, slight privilege escalation is possible.
7e71b25301d29a85ee989e3de872b234d94b33bc2d114ac572bfc141bb2eab8cThis utility converts a dynamically link Linux IA32 ELF binary to a static binary.
b2f98619b069e576e51819658cb1142cc8d9a95a54a65bd7749c5f19124f8240Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
cbc1da4216f1107c4918011890c3b804bb5e9a3ae73c6e311bdf6ebe3e4b5781MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.
9ca16eb1b4678f31a4f4380606152a1a5abcd144ea1196c22311eee39b66d8d9radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
34d601f8688d0596c196e39f17029c3147008c94d736c291ec8cb6e879f60482The at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files out of the allowed boundary.
a1784e9527e8a56be1b234c7034c3ab545ca36e2fe248fa59675016423982b32PlatinumFTPserver, the server engine that runs as an application on Windows 9x and a service under NT/2K/XP, has a directory traversal vulnerability that allows remote attackers to enter directories that reside outside the bounding FTP root directory. Another vulnerability exists which allows an attacker to commit a DoS against the server. Version affected: 1.0.7. Version Unaffected: 1.0.8.
c7ace983a16f1593ea028a5dac902b90df0c5d6b3660d969f8a1ce3ae3aa446eHypermail 2, a popular tool that converts mails into html, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The overflow in the main program can be overflowed by sending an email while the CGI program can be overflowed by a DNS server being populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.
61a11ef37ef28b1b5d6f5cb454068252442924f04a265874f41380b4830f4637Microsoft Security Advisory MS03-003 - A flaw in how Outlook 2002 handles V1 Exchange Server Certificates causes Outlook to sometimes accidently sends messages in plain text even though it tells the user it has been sent encrypted.
5268f1316955e4d3d27b9cd497735fe01c5636da127e8c3646195213ab851658CERT Advisory CA-2003-04 - A quickly spreading Microsoft SQL worm exploits two vulnerabilities in Microsoft SQL Server 2000 over udp port 1434.
2156045bc493481a21bb196558ebda1f8230f899a20b3be2226698ea91039e55Microsoft Security Advisory MS03-001 - A buffer overflow in the Microsoft Windows Locator Service in Windows NT, 2000, and XP allows remote attackers to execute commands on Windows 2000 and NT domain controllers by default, and any other server which has the locator service enabled.
5e5ba03153b589c0275c98e4d61e201733836557a267dfc1f55554c12a2f6cc2Eeye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the internet with are accessible over port 1434 udp. Includes a detailed analysis of the worms payload.
1fd78f476cf00ccc0de6101ec49913f97a341524cce0732945250de296f1ea4cISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication. This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow (CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly select a new target, and resend the exploit and propagation code to that host.
3a77fcd92ec00163f9ca845cd4c731f4b077b50ac1f7c0901d732242725f76d2Net/Free/Open/BSD x86 143 bytes shellcode which binds a shell on tcp port 31337 using setuid/setgid/socket/bind/listen/accept/dup2/exec("/bin/sh").
bf8402b782a35acb85ff1f23189281a35a0b1ce19ddcd28b4cd73329ccb099d7ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
dc98b1acb4120f20825c608246e44cb64ff5010e26e9ed5cbf306e84e6158122Rights Amplification in Master-Keyed Mechanical Locks - This paper describes a relatively unknown procedure for obtaining a master key if given access to a tumbler based master keyed lock and any low level key in the system. No special skill or equipment beyond a small number of blank keys and a file is needed, and the attacker does not need to engage in any suspicious behavior at the locks location. Countermeasures are described with provide limited protection under certain circumstances.
562ab51f68cdb767a008ead12ba2e6dff9f5b95fde08373041067c0cc80dbfa9Bscan is a banner grabber for httpd which uses non-blocking sockets for improved speed.
b86b4c7a2131850a0484b40011cff55e490a4b8e615c99c39d22805de5c94e9aEthereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
301ebb9414e4c347f81beee14a9c9c7065a61611d466866a24095446f73da91dCERT Advisory CA-2003-03 - Windows NT, 2000, and XP contains a buffer overflow in the Windows Locator service that allows remote attackers to execute arbitrary code via the netbios ports. More information available ms03-001.
eb59d294f1d6f4eaee6697e2747657bc9e967658f2af3c0df0b478e4ee4f8ed7CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.
cf1e29270d759e81797059b571c99eff0c58d3aa9fffcdeb234d72fc4c3a22a7Vulnerabilities in Your Code Part II - Format string vulnerabilities and exploitation. Shows the exact location of the vulnerabilities, providing detailed explanations and exploits for each one found.
8c24f5e7710930cc45684d33d0daebaf7d08df845a23878ef36b0304e4c5c79f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed