Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit.
b8d9843b397b57fccaa793ccf840cd9d1975e50c5e927c8e182b01e64aeea9faIrix 6.2/5.3 named iquery remote root buffer overflow exploit. Spawns a bindshell.
f5baf76e8d286e7a76ef7459ff65cd0578c8cb1199e6fbd93e2ca3e1a8381a0dAutofsd remote buffer overflow exploit for Irix 6.4 and 6.5.
2d65722f66dfe721e80274d6c4393ffbad95bf9da27ed4c41994ce16fc1b826fIrix 6.5/6.4/6.3/6.2 arrayd remote buffer overflow exploit as described in CA-99-09-arrayd.txt.
fb555806421a71e23aaabcc1e1c51b5f2f02c010505be9682fbf9e7b39ebad56SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list.
4b12bc670104362647c98bc09c33e31bd72cf0907624f171bded34b49558ac77rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2.
013680ab2f18fda2da0613e985b4d69e5e887fe8bfcdd023cd1e22f04cb5343eWeekly Newsletter from Help Net Security Issue 26 - 21.08.2000 - Covers weekly roundups of security related events. In this issue: Updated perl and mailx packages to address potential local exploit, widespread suseptibility to IIS 4.0/5.0 "Specialized Header" vulnerability, Rapidstream VPN Appliances root compromise, IRIX tenetd vulnerability, Hotmail/Microsoft Instant Messanger issue, Watchguard Firebox Authentication DOS, OS/2 WARP 4.5 FTP Server DOS, IMAIL web service remote DOS attack v.2, and a paper presented at the Black Hat briefings titled, "A Stateful Inspection of Firewall-1."
ded3256ac231b285a673d0b7adbc6383d0cfb5fa6f0f6a35ad476c8a66bea282ISS Security Alert Summary July 1, 2000 - 77 new vulnerabilities were reported last month. This document has links to more information and full advisories on each. Includes: win2k-telnetserver-dos, win2k-cpu-overload-dos, fw1-resource-overload-dos, sybergen-routing-table-modify, ircd-dalnet-summon-bo, win-arp-spoofing, imesh-tcp-port-overflow, ie-active-setup-download, ftgate-invalid-user-requests, winproxy-get-dos, firstclass-large-bcc-dos, winproxy-command-bo, boa-webserver-file-access, ie-access-vba-code-execute, ie-powerpoint-activex-object-execute, fortech-proxy-telnet-gateway, xwin-clients-default-export, sawmill-file-access, sawmill-weak-encryption, netscape-virtual-directory-bo, netscape-enterprise-netware-bo, proxyplus-telnet-gateway, glftpd-privpath-directive, irc-leafchat-dos, openbsd-isc-dhcp-bo, debian-cups-malformed-ipp, jetadmin-network-dos, wuftp-format-string-stack-overwrite, jrun-read-sample-files, redhat-secure-locate-path, redhat-gkermit, weblogic-file-source-read, netscape-ftpserver-chroot, linux-kon-bo, dmailweb-long-username-dos, dmailweb-long-pophost-dos, aix-cdmount-insecure-call, irix-workshop-cvconnect-overwrite, blackice-security-level-nervous, linux-libice-dos, xdm-xdmcp-remote-bo, webbbs-get-request-overflow, nettools-pki-http-bo, nettools-pki-unauthenticated-access, panda-antivirus-remote-admin, dragon-telnet-dos, dragon-ftp-dos, small-http-get-overflow-dos, mdaemon-pass-dos, simpleserver-long-url-dos, win2k-desktop-separation, zope-dtml-remote-modify, pgp-cert-server-dos, antivirus-nav-fail-open, antivirus-nav-zip-bo, kerberos-gssftpd-dos, sol-ufsrestore-bo, tigris-radius-login-failure, webbanner-input-validation-exe, smartftp-directory-traversal, antisniff-arptest, weblogic-jsp-source-read, websphere-jsp-source-read, freebsd-alpha-weak-encryption, mailstudio-set-passwords, http-cgi-mailstudio-bo, mailstudio-view-files, kerberos-lastrealm-bo, kerberos-localrealm-bo, kerberos-emsg-bo, kerberos-authmsgkdcrequests, kerberos-free-memory, openssh-uselogin-remote-exec, mailstudio-cgi-input-vaildation, ceilidh-path-disclosure, ceilidh-post-dos, and nt-admin-lockout.
56bdbd85738f9ce23d025f2bb8e258e5ea88fba4f6c6be7083dc0867aabe88e2USSR Advisory #43 - Remote dos attack against Real Networks Real Server version 7, 7.01, and G2 1.0. Sending malformed packets to the RealServer HTTP port (default 8080) will cause the service to stop responding. Exploit URL included. Affects Windoows NT/2000, Solaris 2.x, Linux, Irix, Unixware, and FreeBSD.
fb3235de31d91f9fe6c72377f127e585ee0a820398fcdfdb7ff9898b18eeb010ISS Security Alert Summary for May 1, 2000. 35 new reported vulnerabilities this quarter, including: eudora-warning-message, icradius-username-bo, postgresql-plaintext-passwords, aix-frcactrl-file-modify, cisco-ios-http-dos, meetingmaker-weak-encryption, pcanywhere-tcpsyn-dos, piranha-passwd-execute, piranha-default-password, solaris-lp-bo, solaris-xsun-bo, solaris-lpset-bo, zonealarm-portscan, cvs-tempfile-dos, imp-wordfile-dos, imp-tmpfile-view, suse-file-deletion, qpopper-fgets-spoofing, adtran ping-dos, emacs-local-eavesdrop, emacs-tempfile-creation, emacs-password-history, irix-pmcd-mounts, irix-pmcd-processes, irix-pmcd-dos, iis-myriad-escape-chars, freebsd-healthd, beos-syscall-dos, linux-trustees-patch-dos, pcanywhere-login-dos, beos-networking-dos, win2k-unattended-install, mssql-agent-stored-pw, and webobjects-post-dos.
6d59eba0abd44501049acfa5e821123af34e918e7a66fc7f61eef2851fad52c7Phrack Magazine Issue 56 - Shared Library Redirection via ELF PLT Infection, writing IRIX shellcode, subtle backdooring techniques, Bypassing StackGuard and StackShield, the Phrack Prophile, and more
d4f49f9260edf5b745cd4416f6356f315a9364592830c2a900a874ca7988e437IRIX Login Security - In this paper you will learn a bit about logins, and the seriousness of what could happen if you don't take certain precautions. You will have found out some options you can take with your logins, certain restrictions, and a lot more.
35daa4e31eadc2e9835852cb680f16c18c3d63d83c32a3c93afa078dcdfd4718ISS Security Alert Summary 5.3 - Summary of vulnerabilities discovered in March, 2000. Contains 33 reported vulnerabilities - windmail-pipe-command, windmail-fileread, simpleserver-exception-dos, linux-domain-socket-dos, linux-gpm-root, outlook-manipulate-hidden-drives, vqserver-dir-traverse, vqserver-passwd-plaintext, iis-chunked-encoding-dos, nav-email-gateway-dos, netscape-server-directory-indexing, mercur-webview-get-dos, officescan-admin-pw-plaintext, officescan-admin-access, linux-kreatecd-path, win-dos-devicename-dos, wmcdplay-bo, nt-registry-permissions, staroffice-scheduler-fileread, staroffice-scheduler-bo, iis-root-enum, mssql-query-abuse, clipart-cil-bo, oracle-installer, linux-rpm-query, thebat-mua-attach, irix-infosrch-fname, linux-dosemu-config, coldfusion-reveal-pathname, netscape-enterprise-command-bo, nmh-execute-code, htdig-remote-read, and ie-html-shortcut.
73a4d14101964f3e30048066a698907d3a3a447cd3fd69d5e08ddd23f575d71cSGI IRIX objectserver remote exploit - Remotely adds account to the IRIX system. Patched February, 1998. Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2.
50cc9680c224be9e0219d599f01be7fd1deae2ff3856942ef92ade8bb1049054SGI Security Advisory - A remote vulnerability in the objectserver(1M) daemon has been discovered which can lead to unauthorized non-privileged user accounts being created. IRIX operating systems versions 5.1 through 6.2 are vulnerable. SGI Security page here.
62bd2d1d51a462ebca4fd8887d85a6f4a333ec705b12f8d65fdd2ccbeaaecfbfIRIX 5.3 and 6.2 remote bind iquery overflow.
b801143c1ce4d17ed2fa72ee309b8de04aca3c0a8f28c3d870db447f3237d770Irix 6.5 InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. infosrch.cgi can execute commands remotely.
eba4d77a802d260631abb020810e7f15fba73aa9ed4f550a8086a00d34d95608CGI vulnerability scanner version 2.00. Checks for 173 CGI vulnerabilities. Tested on linux, freebsd, and irix.
0431b7efce10152b2d33936031b456224a8417c3e9dd186c96dad485ee727526Universal login trojan - Login trojan for pretty much any O/S. Tested on Linux, BSDI 2.0, FreeBSD, IRIX 6.x, 5.x, Sunos 5.5,5.6,5.7, and OSF1/DGUX4.0. Works by checking the DISPLAY environment variable before passing the session to the real login binary.
fb412b9239e72a75c7f47ba4a4785c5cbfc7665494372801af49f21457eed13dSentinel is a fast file/drive scanning utility similar to the Tripwire and Viper.pl utilities available. It uses a database similar to Tripwire, but uses a RIPEMD-160bit MAC checksumming algorithm (no patents) which is more secure than the patented MD5 128 bit checksum. It should run on most unixes (tested on redhat linux v6.0 & v5.2, slackware linux v3.x & 4.xb and IRIX (v5.2 and v6.x). Several other utilities which are used for Sentinel development are also posted here. Most utilities are included with the sentinel tarball. gSentinel is a graphical front-end to sentinel. Newbies should download gSentinel as it comes with a very simple rpm based installation and offers a friendly interface. Beware that gSentinel is currently under development and may be fairly crude compared to most GUI packages.
9f6315a4b007336f2bc225ce16208ad6f75590dbbc6f0a043a40652e4ee1b013The IRIX setuid root binary midikeys can be used to read any file on the system using its gui interface. It can also be used to edit anyfile on the system.
03bb247d0172ed1737bba3d4e4230b04f38a9de92fd5b0752da235aba0b587e5Subject SGI IRIX fam service Vulnerability Date 04-Mar-2000
3a685c2152f1609cdf7391e4dc4908c29f12b4a263a1e61ef96bf63c005e82b6Subject "IRIX" lp Vulnerability Date 10-apr-92
3b1db849f06da2831daa078df249feaeafe33e84e8f6faac3cd339f8863eefc6Subject SGI IRIX configuration vulnerabilities Date 25-Oct-93
c6e9600ebedab27ae7c88459328ea9ed71be2811852d8f15bba5485c8615482cSubject SGI IRIX Help Vulnerability Date 12-aug-94
0b7596c50ed421fca21fc8b739259d28fcbbc4ce6cc43eda34ef1ad5a9719e36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed