InetServ 3.0 (Windows NT) advisory and remote exploit.
cc2c208ea5bc9b1947f2e030b63f6be5825fda3e7e55165f78c314720c1ebd67
Stream.c summary - DoS attack due to bug in many unix kernels, including Linux, Solaris, and all of the BSDs.
7cff59a33278aed639fdb203cfa2c7908bff64e6c40976ab8b6cbef24bc3e0b9
Nortel's new Contivity series extranet switches give administrators the ability to enable a small HTTP server and use Nortel's web-based administration utility to handle configuration and maintenance. The server runs atop the VxWorks operating system and is located in the directory /system/manage. The CGI application /system/manage/cgi/cgiproc, which is used to display the administration HTML pages, does not properly authenticate users before processing requests, so an intruder can view any file on the switch without logging in.
e6470da7422c75f82642fd4a9d29e044d0ee71eaad5f6c6e169743abe355b388
A vulnerability in rdisk (Windows NT) causes the contents of the registry hives to be readable by the Everyone group while the repair information is being updated.
d9d891c8304ca57c3de11b9e0bbc9cea3224a33302ce1296a8a19047a3d8f5e0
RTF files consist of text and control information. The control information is specified via directives called control words. The default RTF reader that ships with many Windows platforms has an unchecked buffer in the portion of the reader that parses control words; an RTF file containing a specially malformed control word could cause the application to crash.
27ba30c0f7c1e053fdc20342b41f7fbf0815631ae08c4738c0819002d49a196f
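The defect class behind the RTF entry above, as an added example in C that is not the Windows reader's code and does not reproduce its internals: a control-word parser that copies letters after the backslash into a fixed buffer without a bound, beside a hardened version that refuses an overlong or malformed word instead of writing past the buffer. The 32-letter limit is the one RTF 1.x places on control-word names; the buffer size, function names and sample inputs are assumptions made here for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* RTF 1.x limits a control word to 32 letters, so a 33-byte buffer holds any
   legal name plus its terminator (assumed size for this example). */
#define CW_MAX 33

/* The defect class described in the entry: letters after '\' are copied until
   a non-letter arrives, with no check against the buffer size. A word longer
   than CW_MAX-1 letters writes past `out`. Shown for contrast only; it is
   never called with untrusted input here. */
static const char *parse_control_word_unchecked(const char *p, char out[CW_MAX])
{
    size_t n = 0;
    if (*p != '\\' || !isalpha((unsigned char)p[1]))
        return NULL;
    p++;
    while (isalpha((unsigned char)*p))
        out[n++] = *p++;          /* no bound on n */
    out[n] = '\0';
    return p;
}

/* Hardened parser: reads `\name`, an optional signed decimal parameter and the
   single delimiting space. Returns a pointer past the control word, or NULL for
   a malformed or overlong word so the caller can reject the file, not crash. */
static const char *parse_control_word(const char *p, char out[CW_MAX],
                                      long *param, int *has_param)
{
    size_t n = 0;
    if (*p != '\\' || !isalpha((unsigned char)p[1]))
        return NULL;
    p++;
    while (isalpha((unsigned char)*p)) {
        if (n >= CW_MAX - 1)      /* refuse rather than overflow */
            return NULL;
        out[n++] = *p++;
    }
    out[n] = '\0';
    *param = 0;
    *has_param = 0;
    if (*p == '-' || isdigit((unsigned char)*p)) {
        int neg = (*p == '-');
        long v = 0;
        if (neg) p++;
        if (!isdigit((unsigned char)*p))
            return NULL;          /* '-' with no digits */
        while (isdigit((unsigned char)*p)) {
            if (v > (LONG_MAX - 9) / 10)
                return NULL;      /* parameter too long to represent */
            v = v * 10 + (*p++ - '0');
        }
        *param = neg ? -v : v;
        *has_param = 1;
    }
    if (*p == ' ')
        p++;                      /* the delimiting space belongs to the word */
    return p;
}

/* Walk a whole RTF fragment. Returns the number of control words parsed, or -1
   if any is malformed or overlong. Control symbols such as \' and \\ are skipped. */
int scan_control_words(const char *rtf)
{
    char word[CW_MAX];
    long param;
    int has_param, count = 0;
    const char *p = rtf;
    while (*p) {
        if (*p != '\\') { p++; continue; }
        if (!isalpha((unsigned char)p[1])) { p += p[1] ? 2 : 1; continue; }
        p = parse_control_word(p, word, &param, &has_param);
        if (!p)
            return -1;
        count++;
    }
    return count;
}

/* Numeric parameter of the first control word in `s`, or LONG_MIN when the
   word has none or is invalid. */
long first_param(const char *s)
{
    char word[CW_MAX];
    long param;
    int has_param;
    if (!parse_control_word(s, word, &param, &has_param) || !has_param)
        return LONG_MIN;
    return param;
}

int main(void)
{
    /* Constructed inputs: a benign header and a 40-letter control word. */
    const char *benign = "{\\rtf1\\ansi\\deff0 Hello \\'e9 world}";
    char overlong[64] = "\\", word[CW_MAX];
    memset(overlong + 1, 'a', 40);
    overlong[41] = '\0';
    parse_control_word_unchecked(benign + 1, word);  /* harmless on a short name */
    printf("benign: %d control words\n", scan_control_words(benign));
    printf("overlong: %d (rejected)\n", scan_control_words(overlong));
    return 0;
}
```

The hardened parser treats an overlong name and a dangling `-` as reasons to reject the whole file; a reader that instead truncated the name silently would still parse the rest, but rejecting keeps the failure mode a clean error rather than a crash or a misread control word.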
USSR Labs found the following. A memory leak in the Super Mail Transfer Package may cause an NT host to stop functioning and/or need to be rebooted. Everything sent to the SMTP port is stored in memory, and the server accepts multiple HELO / MAIL FROM / RCPT TO / DATA sequences in the same connection; when a client repeats these commands within one connection, the memory from the earlier sequences may not be deallocated. The host may stop functioning the moment memory runs out.
098828bc67aee64abdd87dabcd122bf51262d7df84bd843eef9f319e6f289b2b
Timbuktu Pro 32 (TB2) from Netopia sends user IDs and passwords in clear text. When TB2 is used to remotely control a machine that is not logged in or is locked, any user ID and password typed in is sent in clear text, so a malicious user on the network can sniff the packets and obtain the NT user IDs and passwords of anyone using TB2 to remotely control an NT machine.
7409f6db13593aa2d56a2998e62d44ee0c31c668b0139f93213cebc734a8677c
WebSite Pro also reveals the web directory of each website by a simple command line. This bug is similar to the reported "IIS revealing web directories" bug; on WebSite Pro the difference is the way you retrieve the path.
70b108388a2f189b10b9a7b6a8056ebcc7c966497f269b5fed0b43153d271e8d
Jaynus found the following. After reading about the ICQ overflow, he was curious whether the same problem existed in other clients; on testing the URL below, Yahoo Pager/Messenger crashed in the same way as ICQ.
afc1794d389c2f332846bb6da3abde5c120db7e53c76005bc13d3854a685e7bb
Vulnerabilities in OMNIS, affecting many applications. Omnis is a Rapid Application Development environment that is portable to Windows, Mac and Linux. One of the features Omnis provides for attaching to a database is the ability to encrypt fields, obscuring them from prying eyes. In actuality this encryption is extremely weak; I discovered the encryption technique by accident and give a detailed explanation of it here.
cce1376a97274da7aea1f4e10d420680a764f89a62c9ccbe2082d9a76171b73e
Outlines two basic vulnerabilities in Checkpoint's Firewall-1. The first is an authentication problem that allows easy brute-force attacks; the second lets you use the first to remotely administer someone else's firewall without their knowledge.
ab7c8cb66cb9a649b887f0163e7e820092e38e0740ba667e59b9a4fe71b8851a
UnixWare 7 exploit for /usr/bin/ppptalk.
10de24aa93dd63689988d573d193dad1b34aff38e4811d4a1f12d1f1b2c411f6
Vcasel (Visual Casel) is apparently intended as an add-on to Novell NetWare 3.x and above. The program does succeed in limiting the names of the files that may be executed, but it performs no path verification.
1afd8be0e8218ce48904ec923ced26cfb2a7d6b7676222d7ce79c396c4c63c18
By sending an SMTP message with a malformed attachment, malicious code can avoid detection by Trend Micro's InterScan SMTP scanner version 3.0.1 for Solaris. Other versions may also be affected but were not tested.
52dbfec4c390c07ad3b30020cf3ca2c0d7eced0ce691fdf7b2622e5b31dddd6b
If you are running BIND 8.2.2, you have the victim.dom name servers in your cache, and victim.dom changes its server names, then any user who can make recursive queries through your cache can break your victim.dom lookups until the old records time out. The complete attack is one brief burst of legitimate packets. This is, of course, not as disastrous as BIND's next buffer overflow, but it is still an interesting example of how an attacker can use BIND's bogus "credibility" mechanism to exacerbate the effects of a seemingly minor bug.
c72ec0dd61841711d365e087961f01b3cc66fb2e349bb4274b3c897e6f364742
Tested on Windows 2000 with ICQ v99b 1.1.1.1. ICQ is a very popular chat client that is affected by an exploitable buffer overflow when it parses a URL sent by another user, which means arbitrary assembly code can be run on the remote machine.
c56d1f4e56219b6d49de977af302c96651bb3965e3248d8a7976706cedb0949c
Corel Linux comes with a program called "Corel Update" to manage ".deb" files. This X-oriented program is setuid root. The program is "get_it" and is located in the /usr/X11R6/bin directory. If you can run it, it is easy to get root privileges on your system.
638e23401a5d45ff0435f80bdbe0006c13f71306efdb836fc11c7244771cbff7
Due to a flaw in the NtImpersonateClientOfPort Windows NT 4 system call, any local user on a machine is able to impersonate any other user on the machine, including LocalSystem. We have written a demonstration exploit that allows any user to spawn a cmd.exe window as LocalSystem. All Windows NT 4.0 systems up to and including SP6a are vulnerable.
1ff0cb5ad962f1a532acb051aa8b1243c8f84d3274a8fd975eedf2cc9d380959
RESTRICTING A RESTRICTED FTP - How to exploit common misconfigurations in wu-ftpd that allow users who may not have permission to log in to execute arbitrary code on the FTP server.
43bd58be0b34b0860a305a158d415d0aef434ee84693ddc0a6bfd1b1a8a0472a
A practical vulnerability analysis (How The PcWeek crack was done).
5b0caddba18fc1cf57f100b5941b4cf7285e86c8efa5b46556d32dbe02b0543a
The IRIX setuid root binary midikeys can be used to read any file on the system through its GUI. It can also be used to edit any file on the system.
03bb247d0172ed1737bba3d4e4230b04f38a9de92fd5b0752da235aba0b587e5
The 'recover' command in Solstice Backup (Sun's relabeled version of Legato Networker) on a Unix machine authorized to perform restore operations from the backup server can be used by a normal user to restore any file accessible to the machine in a readable-to-them state (although it cannot be used to overwrite system files). This can be used to get your own copy of /etc/shadow for password cracking.
2e259a1a7a110ea91a7f43f1a77dca658c78b5957225555efa344780d52d02ba
Vi uses /tmp insecurely on OpenBSD, FreeBSD and Debian. This has been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and 4.0-CURRENT (04.01.2000).
0a66d13e1b0672071fa86fd276e6f2033173b2a6646c37fc1fe6802cb098a9db
A memory leak exists in the Super Mail Transfer Package for Windows NT that may cause an NT host to stop functioning and/or need to be rebooted. A DoS exploit description is included.
a01aab1ae7b5840b51fcf1072d89ef3b4fcf4c3f873d2009fc282fd6014ac277
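The bug class behind the two Super Mail Transfer Package entries above (USSR Labs' description of repeated HELO / MAIL FROM / RCPT TO / DATA in one connection, and the DoS exploit description), as an added example in C that is not the vendor's code and does not reproduce its internals: a per-connection SMTP transaction handler that overwrites its sender, recipient and body pointers on each new transaction without freeing the old ones, beside the corrected handler that releases the transaction state on HELO/EHLO/RSET, on a new MAIL FROM and after DATA. The state struct, command handler, block counter and client script are all constructed here for illustration; the real server's data structures are not known from the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_RCPT 8   /* assumed per-transaction recipient bound */

/* Per-transaction state a server holds between MAIL FROM and the end of DATA. */
typedef struct {
    char  *sender;
    char  *rcpts[MAX_RCPT];
    size_t nrcpt;
    char  *body;
} txn_t;

/* Constructed accounting so a leak is observable: every block obtained through
   xstrdup is counted until xfree releases it. */
static long live_blocks = 0;

static char *xstrdup(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    if (!d) abort();
    strcpy(d, s);
    live_blocks++;
    return d;
}

static void xfree(char *p)
{
    if (p) { free(p); live_blocks--; }
}

/* Release everything the current transaction owns. */
static void txn_reset(txn_t *t)
{
    xfree(t->sender);
    for (size_t i = 0; i < t->nrcpt; i++) xfree(t->rcpts[i]);
    xfree(t->body);
    memset(t, 0, sizeof *t);
}

/* Handle one command line and return the SMTP reply code. With fixed == 0 the
   handler behaves like the leaky server: HELO, a new MAIL FROM and a finished
   DATA all start fresh state without freeing the old blocks. */
static int handle(txn_t *t, const char *line, int fixed)
{
    if (!strncasecmp(line, "HELO", 4) || !strncasecmp(line, "EHLO", 4) ||
        !strcasecmp(line, "RSET")) {
        if (fixed) txn_reset(t);          /* these abort any transaction in progress */
        return 250;
    }
    if (!strncasecmp(line, "MAIL FROM:", 10)) {
        if (fixed) txn_reset(t);          /* a new transaction supersedes the old one */
        t->sender = xstrdup(line + 10);   /* leaky: old sender pointer overwritten */
        t->nrcpt = 0;                     /* leaky: old recipient strings orphaned */
        return 250;
    }
    if (!strncasecmp(line, "RCPT TO:", 8)) {
        if (!t->sender || t->nrcpt >= MAX_RCPT) return 503;
        t->rcpts[t->nrcpt++] = xstrdup(line + 8);
        return 250;
    }
    if (!strncasecmp(line, "DATA ", 5)) { /* constructed: whole body on one line */
        if (!t->sender || t->nrcpt == 0) return 503;
        t->body = xstrdup(line + 5);      /* leaky: previous body overwritten */
        /* message would be queued for delivery here */
        if (fixed) txn_reset(t);          /* transaction complete: free it all */
        return 250;
    }
    if (!strcasecmp(line, "QUIT")) {
        txn_reset(t);                     /* both variants clean up at QUIT */
        return 221;
    }
    return 500;
}

/* Replay a client script through one connection; returns the number of heap
   blocks still live afterwards (0 means nothing leaked). */
long run_session(const char *const *script, size_t n, int fixed)
{
    txn_t t;
    long before = live_blocks;
    memset(&t, 0, sizeof t);
    for (size_t i = 0; i < n; i++) handle(&t, script[i], fixed);
    return live_blocks - before;
}

/* Constructed script: one HELO, three complete transactions, QUIT. */
long demo_session(int fixed)
{
    static const char *const script[] = {
        "HELO client.example",
        "MAIL FROM:<a@example.test>", "RCPT TO:<b@example.test>", "DATA body one",
        "MAIL FROM:<a@example.test>", "RCPT TO:<b@example.test>", "DATA body two",
        "MAIL FROM:<a@example.test>", "RCPT TO:<b@example.test>", "DATA body three",
        "QUIT",
    };
    return run_session(script, sizeof script / sizeof script[0], fixed);
}

int main(void)
{
    printf("leaky server: %ld blocks leaked\n", demo_session(0));
    printf("fixed server: %ld blocks leaked\n", demo_session(1));
    return 0;
}
```

With the leaky variant each transaction after the first orphans three blocks (sender, recipient, body), so a client that loops MAIL FROM / RCPT TO / DATA on one open connection grows the process without bound; the fixed variant frees at every transaction boundary, so the same script leaves nothing behind. A production server would additionally bound transactions per connection and apply an idle timeout so a single client cannot hold memory indefinitely; MAX_RCPT is the only bound in this sketch.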