Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, xferlog, httpd.access_log, httpd.error_log. Check your log file and edit the source accordingly. Tested in Mandrake 7.2 and 8.0.
ddd7dd5733de189aa0a69ac6afdd5c760c285b48f1e5c5ea29875d8409b854cb
Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default.
7fc636ec99a7121c1576f6a3baa4cfa2f6d10bc5a5797fccdad14335a04ae46a
Defcom Labs Advisory def-2001-18 - Cyberscheduler for Linux, Windows, and Solaris lacks bounds checking on the timezone variable, allowing remote root compromise. Patch available here. Includes proof of concept exploit x-cybershcehd.c and a shell script to brute force the offset. Vulnerable systems include Mandrake, RedHat, Slackware, Caldera, Suse, Debian, Windows NT, 2000 (IIS 4.0 and 5.0), and Solaris 2.5, 2.6, 7, and 8.
21c37966585bd74ddeb800641942dfeff9778cd7e600ab1a642ec1d919315aa4
Defcom Labs Advisory def-2001-19 - Innfeed has local stack overflow vulnerabilities in the logOrPrint() function which can be exploited to give uid=news. Tested on Slackware 7.1, Mandrake 7.0, and RedHat 7.2. Includes a patch, proof of concept exploit x-startinnfeed.c, and a shell script to brute force the offset.
4138178fdea0de7a98d769d075ebec0aa842b1ff03426901f91cd2c8b12ac932
Mandrake 7.1's /usr/bin/urpmi allows attackers to install RPM's as root if they have an account in the urpmi group and possibly physical access.
7c9b89ae1b7901292c8d5b0902bedd8ccaad79f8cc4b4e2702d359ba016ff272
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: PHP 3 and 4 remote format string vulnerabilities, Internet Explorer authentication data retrieval, IE cached web credentials vulerability, Master index directory transversal vulnerability, BOA vulnerabilities, tmpwatch local dos, Extropoa Webstore directory transversal vulnerability, Interactive's web shopper directory transversal vulnerability, Microsoft share level password vulnerability, Mandrake openssh/scp update, HP Jetdirect dos, WebTV dos, Apache mod_rewrite, Debian curl update, Winu 1.0-5.1 backdoor password, debian ypbind local vulnerability, and Netmeeting denial of service. Articles include SUID programs, getting to the root of the problem, Testing for Trojans, How to detect virus hoaxes, and more.
35a897d619152e6fc91c69586c9708eba9f0eea568921cf5160a50cdba159f94
Linux Advisory Watch for September 8th, 2000. Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for glibc, screen, apache, and suidperl from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix.
58e4fa5accfb242abf0994a96a96bd8ca1fa2451c8d22c4f82165eca1089d646
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: The FrontPage Server Extensions are vulnerable to a remote denial of service, a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000, webserver Pro 2.3.7 vulnerability, Mandrake Linux Xchat update, ld.so problem that allows local users to obtain super user privilege, IIS Cross-Site Scripting patched, Microsoft Money password vulnerability patched, MGetty local compromise, and Kerberos password authentication issues.
41a3d0d05b3290fcc821f93f043a30e580de167d85445843559dbda0f11021ee
Linux Security Week July 24 - In this issue: Deploying Portsentry, How Buffer Overflow attacks work, Maximizing Apache Server Security, Secure Directory Services for E-Business, IPSec update, RedHat PAM updates available, NFS-utils rpc.statd remote vulnerability, Mandrake usermode vulnerability, LISTSERV web archive remote overflow, Stalker CommuniGate Pro read any file vulnerability, and SuSE Nkitb (ftp) vulnerability.
1c45fd9d5af9418bd4bddfa5bf221ac7287916786a10a0e4fb8921ca55a31796
PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.
f3e7d956629059a23a4eafb60363507ed837755b27f531596180153d41af5c6f
Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions
1b64f135dfbec4e3b58cd4a39a867d2095425a2d0a7ce099fefc4ef401e688f6
Linux Security Week June 26 - In this issue: The default configuration of wu-ftpd is vulnerable to remote users gaining root access, Simple Object Access Protocol (SOAP), Network Intrusion Detection Using Snort, Updates for Mandrake bind, cdrecord, dump, fdutils, kdesu, xemacs, and xlockmore, Remote users can cause a FreeBSD system to panic and reboot via bugs in the processing of IP options in the FreeBSD IP stack, Remote vulnerabilities exist with all Zope-2.0 releases, NetBSD: libdes vulnerability, RedHat: 2.2.16 Kernel Released, Bastille Linux Review, and Intel admits wireless security concerns.
c0d7ad7845e4e90d9f4129a48230f19515b41a6a9486eb4dafc7447bd62eed0c
/usr/bin/cdrecord local exploit for x86 linux - gives gid=80 shell. Tested on Mandrake 7.0.
8c45b8eeaaa72e51223e3ac9a61b3c58d5f14a3ff1e33a32566ccd253e0be59d
/usr/bin/kdesud has DISPLAY enviroment variable overflow - exploit gives gid=0, tested on Mandrake 7.02.
8b85d8dcf4d727c24bbbc0ac3bf68dc420f4d2860eb3301427c685428fe26a91
Weekly Newsletter from Help Net Security Issue 16 - 07.05.2000 - Covers weekly roundups of security related events. In this issue: Outlook patch which lets administrators selectively permit some attachments could cause compatibility problems with software meant to work with Outlook, Microsoft Brasil web site defaced, ech0 security scanner, domain hijacking, Allegro-Software-RomPager vulnerable to DoS, Linux-Mandrake bind no longer runs as root, Linux-Mandrake Xlockmore security update, Checkpoint Firewall-1 IP Fragmentation Vulnerability, vbs gnutella worm, vbs_timofonica virus, and more.
98ceee0ab94aec7441a4a451c471432cab56af962c32da56b3b2189a98f3b536
Linux Security Magazine June 5, 2000. In this issue - Articles: An Introduction to IP Masquerading - Part 2, Firewall placement, Cracked! Part 4: The Sniffer, Who's Sniffing Your Network?, Update: Blocking "Killer Resume", Buffer Overrun Vulnerabilities in Kerberos, popa3d v0.4 contributed Kerberos, Linux Deleted File Recovery Tool, Mission Critical Linux, and Domain Hijacking Raises Security Issue. Advisories: RedHat Majordomo, Turbolinux users can view shadowed password file, PGP 5.0 Key generation weakness, SuSE kmulti local root compromise, Mandrake kdesu vulnerability, NetBSD Local "cpu-hog" denial of service, NetBSD SysV semaphore denial-of-service, NetBSD /etc/ftpchroot parsing broken, NetBSD Exploitable Vulnerability in Xlockmore, OpenBSD Xlockmore vulnerability, OpenBSD ipf vulnerability.
f0f51e6bebaced28e0897a3a32124913bf3c6f78a6cd621e702bf62b3c0902bf
Linux Security Magazine May 29. In this issue - Articles: The Top 10 Security Risks, Intrusion Detection on Linux, Analyzing Future Computer Trends and Threats, Always-on Internet Security, Mini-FAQ: "antivirus software for Linux". New Advisories this week: FreeBSD process and krb5 vubnerabilities, TurboLinux gpm, SuSE gdm, Slackware fdmount, XFree86 Multiple distribution vulnerability, Red Hat Secure Web Server 3.0-3.2: mailmail, Qpopper Vulnerability, Mandrake 7 dump vulnerability, Mandrake xemacs vulnerability, Mandrake fdmount buffer overflow, Caldera buffer overflow in kdm, and Caldera DoS attack against X server.
7dfd070ef058e716f57228524f1de6980dc09e772cf2b571688d4489cf6a21e4
/usr/local/games/xsoldier local root exploit. Tested under Mandrake 7.0.
2efbf7e734506a09a852e6b3154a6163a11aff489a05f01d6c99f70a70026d5b
Local exploit for Linux Mandrake 7.0's wmcdplay 1.0 beta 1. Unlike the Teso exploit for wmcdplay, this code exploits the -position argument.
eed00eb19c97858a9e3a92302523c50bd3259f79d45239243286e9ab1b43681f
5 exploits for wmcdplay (A cd player designed for WindowMaker - Release 1.0 Beta1) Tested on Mandrake 7.0.
b3df24fce3105f322d4f200071911aafe6bd5667f3ca8f7cca758ea51fc67a99
PAM/userhelper exploit - Ported to Mandrake 6.1. Also works on Red Hat 6.0 and 6.1, gives uid 0.
60f084b01a6b90f83d4afb30f04c2890fc63b2a6583017757d8572b289e798b3
Overflows the -l arg buffer in wmcdplay due to a bad sprintf call. Tested on Mandrake.
dcaf4f08e182ca245fd5a67f7a6513167be09b045d4dbb23c1b92103c9d70d18
Beginners Guide to Linux + Easy Installation Guide version 1.1 - I'd bet some of the people reading this description are using Windows, and are afraid to install Unix on their computer for some reason. "Sure, Unix does all those cool things and has better security and most Unix programs are open-source, but what will happen if I'll screw up with the installation and delete my old copy of Windows?" Black Sun Research Facility presents - an easy to understand and simple installation guide for Redhat Linux and Mandrake Linux, the two most easiest-to-install distributions (although this tutorial is good for other common Linux distributions as well).
94cf75c7fd9dcca69ca84c58292ccd72ecd74d76665906368f284adf788ce5fb
PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It is designed to allow a beginner to to build a custom firewall with little or no ipchains experience. This firewall should work for most Workstations, Servers, and Dual NIC routers using either a dialup or LAN setup. It is restrictive to outside attacks while still being as transparent as possible to those inside. Currently only Redhat 6.x and Mandrake 6.x are supported, but support for other distributions is being developed.
90bad3e9923366d037b694a4c7f4a8e1cda10be3c0f508f8aae543fa02ce7734
PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It is designed to allow a beginner to to build a custom firewall with little or no ipchains experience. This firewall should work for most Workstations, Servers, and Dual NIC routers using either a dialup or LAN setup. It is restrictive to outside attacks while still being as transparent as possible to those inside. Currently only Redhat 6.x and Mandrake 6.x are supported, but support for other distributions is being developed.
0b88f75e439b857e40fd8caedaeb1aab26ea6c182fc8bb496e06c56799d7a2e9