Monit versions 4.1 and below remote denial of service exploit. Tested on Mandrake 9.1.
fd0e0cb327f08cd59490c5fa7b8eb5cdf849d936a4d69a4b1ac7526e864adcdd/usr/sbin/grpck local buffer overflow exploit. Note that grpck is not setuid by default. Tested on Red Hat 7.3 and 8.0, Cobalt Linux 6.x and 7.x, Debian 2.1 and 2.2, and Mandrake 8.1 and 8.2.
2f0dd037d94f0621fdf5899a98d3b4876af41cefc6e9b04e0ac95bd98280d88aRPM Finder Project version 1.2 is a utility that works much like the rpmfind.net site. It supports RedHat and Mandrake Linux.
6459a4c851ab66b8349b4e3c4a5708961d44bcb8b8619a9b9ba72fa620066729RPM Finder Project version 1.0 is a utility that works much like the rpmfind.net site. It currently only supports RedHat but will support Mandrake and Suse in its future releases.
d9c5fb359c7e6f5c54e12b8ab53f4c8ef840ca39788e0fc250de49320730453bRemote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives user id of the account running the game server. Tested against Mandrake 9.0.
cde6233cf7588be614a0ea2f37489285004f595d61eea69313054f376fa2ca780x333cya.tar.gz is a Mandrake 9.0 local root exploit which uses bugs in the printer-drivers package. Cya.c gets group sys privileges with a bug in /usr/bin/mtink, and anger.c uses the sys privileges to exploit a bug in /usr/bin/ml85p, spawning a root shell.
70657304dd82f3abb9e1d3e4213fb7c9ef61e403dcb80f896244e21d59e50168Mandrake Linux Security Advisory MDKSA-2003:015 - A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7. Affected Mandrake versions: 8.0, 8.1, 8.2 and 9.0
aadb5388056e5519e20c8bceae53605626d6a2a12bf45477b585fd83693fef06Mandrake Linux Security Advisory MDKSA-2003:014 - An updated kernel for Mandrake 9.0 is available with a number of bug fixes. This new package also fixes a security problem that allows non-root users to freeze the kernel, and a fix for a vulnerability in O_DIRECT handling that can create a limited information leak. This last bug also allows users to create minor file system corruption (this can easily be repaired by fsck).
c116e3fc3745453b25f2c7dce5ded5e55c55e7bc93d37b907f46a59d8a81e5a1ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
dc98b1acb4120f20825c608246e44cb64ff5010e26e9ed5cbf306e84e6158122iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.
7176f37ea45e1920e9e214222d1b7446b1bb27eb36daf186f9b7edeb3b38a417Stunnel v3.15 - 3.21 remote format string exploit. Tested against Red Hat 7.2, 7.3, 8.0, Slackware 8.1, Debian GNU 3.0, and Mandrake 9.0. More information on the bug available here.
532b98b86e389878816da8e1e91e5367bcb977b9463a85ff0fd56f7f70b0b4fdMandrake 8.2 linuxconf local root exploit.
10ac292ecd095adfff7090099b436f9adcb2b98fee0c74a8249eeff765272b78/usr/sbin/grpck proof of concept local exploit. Not setuid by default. Tested on SuSE, Red Hat, Debian, and Mandrake.
71bfe6e2e647879dfcd24d8f56b296965f537cb2bd0c0b575f192e247aeefcfdThe Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here..
fb6d096a829d4241956085f69b5c3dde765b7ef522d6db5c5f2603f328ea2a3bLinuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3.
7c69399dd7f5a08de186e149072b4b0ffad0e4adecf6598bc7fb8d45d8cc6354Linuxconf local root exploit for Mandrake 8.2.
bbdecd617d05c630f7b5a45d0f9bbe2c7853751345d776a2859834b022570a38Autolinuxconf.tgz is an improved exploit for linuxconf <= 1.28r3 which has been found to work on Mandrake 8.1 and 8.2 and Redhat 7.2 and 7.3.
3d5644a86004378365d91810e8826011af33787751064d3f5d6d4b4957895086Pwck local linux buffer overflow exploit. Tested on Mandrake 8.2.
fa3f2ddf78013d48703efa19452ce9f8e3c69395f423649d3359d47dbfe38e6cAnother Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on Mandrake Linux 8.2.
92e6ec24f409a9f1006245445fec7ad60fc8f719a98109578dd3758317bd6a9cIBM x86 Informix SE-7.25 sqlexec local root exploit. Overflows the INFORMIXDIR environment variable passed to the sqlexec binary. Offsets for Redhat 7.0 and Mandrake 8.2 included.
51fb5d073c8119f0f6b35e7780a8c034299174f9e239cfe43b734a26ce42b317Mandrake Linux security advisory MDKSA-2002:037-1 - ISC DHCPD in its version 3 introduced new dns-update features. ISC DHCPD v3.0 to 3.0.1rc8 is vulnerable to a remote root format string bug attack, while reporting the result of a dns-update request.
42232836f0d3fb1ef90a2677417ea2433081cd0f3beee7cf19875a6a8511d9c2Mandrake Linux security advisory MDKSA-2002:034 - A remote overflow found in the WU-IMAP daemon v2001a and below affects Mandrake 7.1, 7.2, 8.1, 8.2 and Corporate Server 1.0.1.
ccb9e4f0cf15f78cf499d5204b26c83fea31cfd471f6bf7d99bdaded7df24b9eMandrake Security Advisory MDKSA-2002:033 - A vulnerability found in all versions of Webmin prior to v0.970 allows remote users to login to Webmin as any user. The affected Mandrake versions are 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 and Single Network Firewall 7.2.
7b53ede13b33631621686fe27cf7981287d076bdaa27520dcebdca3a089ccfacMandrake Linux security advisory MDKSA-2002:030 - A vulnerability found in the netfilter package can result in a serious information leak that can expose filter rules and network topology information. This vulnerability affects Mandrake Linux 8.0, 8.1 and 8.2 .
59e7afed923c050dc1ea8b370801e26faa6d4802d4f005f42c0071dfb5236c14The Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here.. RPM's available.
c68b2bc856ef76b4934210205be2188b0e1e4ecb37ebf40e5fa829daa0f2f3f2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed