Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
9fa723595726806cbf6547a2c453e695e33bf635f2d4771e80d110a06f27ea37John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
0d376320b6cc92b0f1341f4a06a79a989c9848e56da8018108b68c0dd6723e05Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.
28900655297d1ea4816e5de8820317856a37994a5877afdb6697329afc3ec425Debian Linux Security Advisory 2353-1 - David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.
30834ae6dd79c9c782b27e64bf7d40a0b116914d4d1800c26f3abff17771d053ARP Toxin is a simple Perl script designed to ARP poison a host on the LAN. It uses Nemesis as a packet crafting tool to create and send the ARP packets. It is NOT original code, merely a slightly improved version of the sample arpredirect script from the book "Hacking: The Art of Exploitation". This variant allows one to set their own poisoning interval and interface to poison on.
aaa815740a2967208c32389034fd22ddc713b8769ad0c27475d119c8fbeb276dTitan FTP Server version 8.40 suffers from a denial of service condition that leads to a kernel crash.
63a8fb14cd6960d0567ab112f079bffb34f96fff18a95cef2eb2832dd45cdb0bPHP Video Script suffers from a remote SQL injection vulnerability.
853eb5286c79cf9e5e91ab553b21226f4ac833df597dee8272f8dae63b1082f1This whitepaper goes into detail on how to break 802.11 detailing the various attack methodologies and tools needed to perform the attacks. Written in Spanish.
db2e01888753073cc48af12d04fdc0fce7a3a6f5d76f0cf0f4036c28964010c6Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
872fb0971665c7f419fc03b97528a458416b56407dc592de5dc20aa1368746fa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed