UDPSZ is a simple proof of concept exploit/tool for spoofing UDP.
e8042b84d8869853e556af1e563425d40d6be10c6bc20ebe6ae535458a135f23Green Dam remote change system time exploit that leverages the fact that UDP port 1234 listens and accepts time updates unauthenticated.
62f3fc3dab18bda85cc06eba55d6d367c00ddddc4d145720651d8487b1dd2077Asterisk UDP IAX protocol fuzzing utility.
38cb2e5ced48810f3028ffd78c79418cf6e9221460e97e695f38258c47928e40Zero Day Initiative Advisory 09-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Safenet Softremote IKE VPN service. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ireIke.exe service listening on UDP port 62514. The process does not adequately handle long requests resulting in a stack overflow. Exploitation can result in complete system compromise under the SYSTEM credentials.
c10784bcd8400bdec93f62053829dce5cebd0bb2f52f7f999f9db8b67f923f7eipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
5b042c182c7f4d1abb4ba5c65f008a56a8d223b186c847385863772e6c37ed45iDefense Security Advisory 04.28.09 - Remote exploitation of a stack based buffer overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability occurs when parsing requests on the UDP interface of the RTserver. iDefense has confirmed the existence of this vulnerability in the RTserver version 4.0.10.1. Previous versions may also be affected. The SmartSockets framework is resold to various 3rd party vendors, and in this case iDefense used the version provided with Computer Associates Enterprise Communicator.
6d008d52e91cfd5a4ca4ff613e0e700fd8d4e1656b66671f3a7aa9fae61e7a63Cisco Security Advisory - Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
d7c7801e5593cc1d56d45fb532604c74459fabf8eb1ec761e05e4ee6458e597cProof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
c765fa0e718759e83c56f58ce3ea7a9a7b76a3590eecefea18f32a537ef6cbe7Udp.pl is a simple UDP flooder written in perl.
a2843c6ee7336f1f9449d88e17b2df96a48cbdf5ad4472388d52ed69c8b4c70aipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
ea5c3a7c800ddbed969cfe09def7978c1a25636fc0fad6b61f85b59a01bcd487Wintercore Advisory - PXEService.exe is prone to a remote buffer overflow due to improper bounds checking when handling PXE requests. A remote unauthenticated malicious attacker can take advantage of this flaw to execute arbitrary code by sending a specially crafted UDP packet. SystemcastWizard Lite versions 2.0 and below are affected.
1e4e1fc447fa7a1d81f5dee9dc92ca06a9dc682581918bf7809c0defad38df4bSyslserver version 1.058 suffers from a denial of service vulnerability due to a mishandling of malformed UDP packets.
a6efafa996d39f89733fa58ff0381e0d9c1c6f8bc51e86bdf497ccdd62e2ae30JASniff is a small handy graphical Windows TCP/UDP/ICMP packet sniffer. This tool will be embedded in the MSF-XB exploits development platform soon.Full source and a binary is included.
6b72a88cfe89a5313587d5fba7cc23c2b8067328f13b9efe6198926a12e185e5151 bytes of Linux/x86 connect-back shellcode that uses UDP port 54321 and executes tcpdump.
43697f2423432246a3de3022253c59fbb3331f2b592eabd562c28e4a731f5a8eipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
a000be1cd760a5ca3ce687c4ee20fd925de3e78ddb59ea3742761a9d6d15f26bNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
0e960e0553eb76470c8517a0038092a3969db65cbe23c03fd6daef1acdcc9658Cisco Security Advisory - Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
ea463164a5d2c0b0aaae0fd30a1013803446e2acd3ae1356a22e758958ba84a0Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
fb3236321dffd5dff763c8bf52ae11219c01dc147de62df8ed76693d4af872c5Gentoo Linux Security Advisory GLSA 200809-02 - Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server. Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash. Versions below 2.45 are affected.
ed1cca55454b5ba4e246627c0056fd8174c4cdebcacddb3a6fa5eae0bc89d4c0This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
61b14f84224795032551d1a5e2ebfe45a4f86868563581fff491e9408e636381Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected.
7d5cac259201a9e986b7929ca9688bd105efdfe46b13c0ddf4e960f3611835acNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
4c1026da1386c4ce859ab1fda53311292e7a9c6a576ec328e7ae9b683edbc5afDebian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
ebe12a113c6df6c042ef47a1dba8bec4c568a74767c16910863035f96e4a9dbfDebian Security Advisory 1617-1 - In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below.
d9ed425b97874f61eb0207b3d26987e6036bffbbbbbedda8e4db2913f6def931ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
0f0c06e263787d03042d6443165bafefd95087367bf0f3981ba44546668d2060
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed