Zero Day Initiative Advisory 11-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling WRQ opcode types the server allows arbitrary file creation. Additionally, the server is configured to truncate/overwrite existing files. This process is owned by the SYSTEM user. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
5f9e37da0423d4a1551146fb67b000b21281d1326a2a432b3aebc12612ce3ff4Ubuntu Security Notice 1111-1 - Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.
6cec849465bfd640c211a3880a5ba0add1b75c474ec483fdabb902841493d744Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted UDP packet is sent to the JDENet port, the JDENET service creates a TCP connection to the provided IP and PORT parameters. This connection could be used to access the JDENET and all ERP functionality provided through that callback connection.
0c98a162b3edfa493fb0a51d4bc92e4a10f6c96764005f2ec2eaeeb63450c32eThis Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.
adc6990f1cf99e26413f21f398ece6121bbb6179c5ffc9a96eea0dee3107fd02Ubuntu Security Notice 1084-1 - It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.
5e28ae80a5f0802306a3dc8f39007d0a5907c9e14b785263f2fb74042863af1dDebian Linux Security Advisory 2174-1 - It was discovered that avahi, an implementation of the zeroconf protocol, can be crashed remotely by a single UDP packet, which may result in a denial of service.
acf57aa474c9e0a972bc5304081c6c8a38e3bdc75a80db8de3551e80ad353db9Mandriva Linux Security Advisory 2011-037 - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service via an empty IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
b4edc2d48e2b118b538b66c07b71c4376fd7f4b19f502be783b104e4065ba609Zero Day Initiative Advisory 11-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC request the xdrDecodeString function uses a user supplied length value to null terminate a string. This value can be signed allowing the NULL byte to be written at an arbitrary address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
6ff956732b5f7f5743b6b55d69eb36425aa86fc4836dc1a32c8a0cabd05749eaZero Day Initiative Advisory 11-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user.
55ece0d6e6a2aa1abfba68f1a2fe3d382ac7ce1560c3ee6a79c681db1997c8a0ctunnel is a program for tunneling and proxying TCP or UDP connections via a cryptographic tunnel. ctunnel can be used to secure any existing TCP or UDP based protocol, such as HTTP, Telnet, FTP, RSH, MySQL, VNC, DNS, XDMCP, NFS, etc. You can also chain or bounce connections to any number of intermediary hosts.
a07bb5f48987ec0cb01d01ae7eb2fc00a06a1928fa25afe3999ceb4398f0941aNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
d44cd28fc087a98056234ac56fc187b6742daa5c20f56bc4d524548042f4b25eZero Day Initiative Advisory 11-062 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Calendar Manager RPC Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CMSD server (rpc.cmsd) which listens by default on UDP port 32768. The process does not properly handle large XDR-encoded ASCII strings to RPC call 10 followed by RPC call 6. This can be abused by an attacker to overflow a buffer on the remote host. Successful exploitation can result in arbitrary code execution.
e333491f06c3f009392877345815035c65e8bdd0ce06fa7f31c26f9dcea3dba7Unhide is a forensic tool to find hidden processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques.
21ef6128232d02bba981acdf20f92b92258189f0660c4dac9a8d2dfdcc83e6abNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
4b53f3f59f7f17560d4080a8663e2d9d1f95784d72dde233a8c3e23524c5165aA vulnerability exists in EMC NetWorker which can be exploited to potentially create a denial of service condition or eavesdrop on process communications. EMC Networker uses an RPC library to provide a portmapper service within nsrexecd. The portmapper restricts access for service commands to the localhost. However, the UDP protocol allows malicious users to spoof the source address of the network packet making it appear it originated from the localhost. This potentially may allow a remote malicious user to unregister existing NetWorker RPC services or register new RPC services. EMC NetWorker versions 7.5.3.5, 7.5 SP4 and later, and 7.6.1.2 and later are affected.
21660399dbf1d185b83eda092d0c5dc4da4a6779f9b2ea910ce9b02233783449Zero Day Initiative Advisory 11-023 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens by default on UDP port 6095. When handling a packet of type 0x40020010 the process blindly copies user supplied data into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c71991533bfdd3521c2b3f92755604038ecabae206e9589e9549f116f1a25c91Zero Day Initiative Advisory 10-285 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpd server component which listens by default on UDP port 69. When handling the filename in a Read Request (0x01) packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the tftpd server process.
82ccd040dbaba20699b014b47ff6ef8abe2763e1feeb146935df2c95f013eff2Zero Day Initiative Advisory 10-284 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing the Console DN field of incoming requests, the process can be made to overflow a stack buffer by 2 bytes. Due to the location of the destination buffer, an attacker can abuse this to overwrite a portion of a return address and execute remote code under the context of the SYSTEM user.
f769b1198961a1a95ef8fdec2b927504455807ef3244a9b9a20650b8abf2a28aZero Day Initiative Advisory 10-283 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZenRem32.exe process which listens by default on TCP and UDP ports 1761. When processing incoming connections with specific version fields the process fails to initialize a string buffer intended to hold the name of the client. After making allocations based on the size of the uninitialized string, ZenRem32 proceeds to convert the buffer between wide-char and multi-byte data types. As the pointer is directed at uninitialized memory, this can be abused to corrupt the heap. An attacker can leverage this to execute remote code under the context of the SYSTEM user.
f9396dac764d7d1a9c721681fce74e2c96816fd09ecb655c0425db0a91d4c695ARM shellcode that will bind to port 68 on any local address and plug a UDP shell onto port 67 on 192.168.0.1.
ea55946f1d2135c2f64a2b75dd4d650fe47934b1e2ddaf8df4468700d0dc0010Zero Day Initiative Advisory 10-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Mount service (FastBackMount.exe). This process listens by default on UDP port 30005. This process writes the value 0x01 to the address specified by the second DWORD from a packet received to it's UDP port. An attacker can exploit this behavior to execute arbitrary code by making several requests to this service.
ac9b3e5bc37b5d482832012c06c3221593f243061a344e6741cb461820ebc120ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
b87c25f185134db50f133771e0401fa05789e49cc0f58fffb7672f4e6066c70eHexInject is a hexadecimal and raw packet injector and sniffer. It can be easily combined with other tools to provide a powerful command line framework for raw network access. It will automatically set the correct checksum (IP, TCP, UDP, ICMP).
050852f89ea501c7bad768a694f8fd2d5f0c3de68da82647a1cb7aeb68e96e27Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
51a6cde0a6afee50799d59b1968f1a4011753bb535f070114fd60be62f59ad44ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
bd0e64702d3c1c0eff1571b731e0817c5f09f7c29c3385b789ab86941664058d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed