This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.
7753b7580751d604a864a09175a5945cThis patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.
80a9346667b79669e3db8cb7e2ef3d24This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
76830af90bed3531d0db957c8b264924Information regarding a simple mitigation to disable 32bit binaries in Linux.
bb3916c0b24327094327e352079c4739This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x.
e97564a2feda1aad218658b446fb0dfaHPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.
825adef3a8be5af3cd0407fab82288e7A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz, demonstrated at Shmoocon 4.
6671917d602373d8010fe38de66377e4OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows for a hidden user to login with root permissions.
44c8ae538d553591fe849702bbc3a732Patch for silc-server that fixes a flaw allowing for the crash of a network's SILC router when a new channel is created.
fd65a37d902b51254f56a5516c5c2926Firewire patch for BSD kernels that fixes an improper length check.
ee54941f2801ae7dffe4bf7236120a89bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
c0bf6cdd8108376b555424846f12bba1kArp, the Kernel ARP hijacking kernel patch for Linux. Any ethernet driver (including 802.11 drivers) is supported. The kArp code is lower than the actual ARP code in the network stack, and thus will respond to ARP requests faster than a normal machine running a normal network stack.
649b0938a572c485b9040a1d99922d71Unofficial temporary fix for the critical Windows WMF vulnerability which Microsoft will patch on 1/10/06. Tested on Windows 2000, Windows XP, and Windows XP Professional 64 Bit. The author recommends switching to the official MS patch when it becomes available. Includes c++ source.
0dd56dac6b932ee7abf2d65ec34c5becPatch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.
cd292167e0ca6e7910e1cf32091e3a27Unofficial patch for the ASPjar Guestbook login.asp vulnerability that allows bypassing of the authentication process.
111d3cc507700a25d566fe3b4a0fbaf8OpenSSH v3.8.1p1 patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.
918ce431f75cc6896b80217e83d639f9Apatch for ssh v3.2.9.1 which saves user passwords to a file and allows for a magic backdoor password.
f90dc9734709086e8beba816124a75d6bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
b07577f07aa49fc5a61988221cb2f836HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
34ec26c10bb28a3d176c85d2c7f80331OpenSSH patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.
5a531af6ea46702fecf940ff6238ce35Simple patch for OpenSSL 0.9.7c that adds a PKCS#12 brute-forcing option which takes in a wordlist.
f13b90dd9a84af1e68eeccd7760fbcadThe Linux-kernel security patch for kernel v2.4.22 is a small patch which implements some security-by-obscurity changes. Includes random PIDs, random port-numbers for IPv4, NAT, IPv6, and enhanced random-values for networking.
c1d28e0a1038ab27c8fa6729f13eaa85OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.
17229340f981382df92d2627905c2b21Yet another OpenSSH Patch. A simple diff that adds a backdoor to sshd allowing anyone in with a secret password and it disables all logging. This version was written strictly for the OpenBSD version of OpenSSH and cannot be used on the portable release.
1c3ac9078d8d600bfe1ac37aee023adaThis patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
5c500a839f95247ea6e377046a9ea913
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed