what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2000-02-24

labs34.htm
Posted Feb 24, 2000
Authored by Underground Security Systems Research

USSR Advisory #34 - Local/Remote D.o.S Attack in InterAccess Telnet Server Release 4.0 (All Builds) Windows95/98/WinNT. The code that handles the Terminal client configurations to the Telnet server in the connection procedure contains a buffer overflow, causing Telnetd to crash.

tags | remote, overflow, local
systems | windows
SHA-256 | 0bdd9580503830aa0647e9839d98b921538bdc30f5ff55c343a02f65a3cc2142
ievntsl3.exe
Posted Feb 24, 2000
Site adiscon.com

EvntSlog v3.2 takes NT system logs and sends them out in syslog format over the syslog UDP port so all the logs from your NT and unix boxes can be stored on the same unix box.

tags | udp
systems | unix
SHA-256 | 8b8d8459a63504945492f7b519ee570f89f6ebeb4985dbeee7f3aa0181d86033
fbsd-ping.txt
Posted Feb 24, 2000
Authored by Omachonu Ogali | Site tribune.intranova.net

FreeBSD is vulnerable to a DoS vulnerability involving high speed pinging with packets over 8184 bytes. Unofficial patch included.

tags | exploit, denial of service
systems | freebsd
SHA-256 | e6d81cdb10724ed192d48717002167649620f7b1c8833755743139dcae8ba13d
NetBSD-SA2000-001.procfs
Posted Feb 24, 2000

Updated NetBSD Security Advisory - Procfs local root vulnerability. Systems which have procfs configured in the kernel, but not mounted normally, are still vulnerable because user processes may mount procfs. This includes most default NetBSD installations. NetBSD security page here.

tags | kernel, local, root
systems | netbsd
SHA-256 | 1838f1f1359abb3f784db566ae4482ff550682a1b1f47623dd3bfc572a77a0e4
ddos-routing.txt
Posted Feb 24, 2000
Authored by Fernando P. Schapachnik

Distributed Deniel Of Service attacks - A proposal based on routing. This paper describes a technique that -hopefully- can be used to defeat the recent DDOS attacks. The solution presented here is bases on routing. It requires a certain amount of extra network infrastructure.

tags | denial of service
SHA-256 | d4db3368713cb2f7d6a456ebc627dd45e014bc76bf35def353db951d27f392a7
its4-1.0.1.tgz
Posted Feb 24, 2000
Authored by John Viega | Site rstcorp.com

ITS4 is a command-line tool for statically scanning C and C++ source code for security vulnerabilities. ITS4 scans through source code for potentially dangerous function calls that are stored in a database. Anything that is in the database gets flagged. ITS4 tries to automate a lot of the grepping usually done by hand when performing security audits.

Changes: Added support for Visual C++ 5.0 and later, Added GNU getopt to the distribution, license changes, portability fixes.
tags | vulnerability
systems | unix
SHA-256 | eda8d0762c06c5ed9847ce9f0187e7f3c53a4cd482084ddf434522078030e383
whatuneed.txt
Posted Feb 24, 2000
Authored by Neonlenz | Site mha1.8m.com

Describes what you need to Spoof/Hijack/Predict sequence numbers. Meant for newbies who don't know what to use to execute those kind of attacks often seen in TCP/IP Security Documents.

tags | paper, spoof, tcp, protocol
SHA-256 | 3ea630fc7ed9d3ed3d8630424dd21cb5fd189500f57a386684b160d1a0c87a1c
stunnel-3.8.tar.gz
Posted Feb 24, 2000
Authored by AdamH | Site opensores.thebunker.net

The stunnel program is designed to work as SSL encryption wrapper between remote client and local (inetd-startable) or remote server. The concept is that having non-SSL aware daemons running on your system you can easily setup to communicate with clients over secure SSL channels. stunnel can be used to add SSL functionality to commonly used inetd daemons like POP-2, POP-3 and IMAP servers as well as standalone daemons like NNTP, SMTP and HTTP without changes to the source code.

Changes: Bug fixes, compile fixes.
tags | remote, web, local, encryption, imap
SHA-256 | c90edd9e2a8fd94ab9f1c1cf08c86094fc48abc6775010957d62fb11c4127d9f
decimate.tar.gz
Posted Feb 24, 2000
Authored by Matt Miller | Site afro-productions.com

Decimate removes files in an ext2 filesystem so they are not recoverable. Includes some cool examples of how regular rming can be recovered.

tags | tool
systems | unix
SHA-256 | f2267590b03a2861c683fd881192e6081fca39626f9fe86c3173912300ed06f8
osiris-1.3.0.tar.gz
Posted Feb 24, 2000
Authored by The Schmoo Group | Site schmoo.com

Osiris catalogs specified directories of files, including MD5 hashes, modification dates, and file attributes into a specified database and/or to STDOUT as directed. The second program, scale, compares two such databases against each other. It will output, either to a file or STDOUT, any differences it finds between the two catalogs including missing or additional files, differing MD5 hashes, modification dates, and file attributes. Together, the two programs give an administrator the tools to follow changes in files on a server or workstation. This keeps an administrator apprised of possible attacks and/or nasty little trojans.

Changes: MacOSX support, addition of Haval and SHA hashes, a counter to let you know how far along osiris is when indexing files.
tags | tool, trojan, integrity
SHA-256 | c48763a329c092fdd7ae1e56352b3f3bbf1abf79d7b4aa0a4fbf94e4fdde0c38
sambar.bat.txt
Posted Feb 24, 2000
Authored by Georgi Chorbadzhiyski

All versions of Sambar server running under Windows NT and 2000 (95/98 not vulnerable) have vulnerabilities which allow remote command execution.

tags | exploit, remote, vulnerability
systems | windows
SHA-256 | 7b13bc962d27ef93b883d59d73a68c652e8b342cd4167afd0fde35917066ca60
wordpad-ie.txt
Posted Feb 24, 2000
Authored by Georgi Guninski | Site nat.bg

Georgi Guninski security advisory #7 - There is a vulnerability in Wordpad which allows executing arbitrary programs without warning the user after activating an embedded or linked object. This may be also exploited in IE for Win9x. Demonstration which starts AUTOEXEC.BAT available here.

tags | exploit, arbitrary
systems | windows
SHA-256 | 8c815d047dd5d9b4e8a06fecc24985c9005b8075decd685d753f14bceca1b2b7
iplanet.dos.txt
Posted Feb 24, 2000
Authored by Eiji Ohki

Sun iPlanet Web Server, Enterprise Edition 4.1 on Linux is vulnerable to a remote DoS attack. Many GET requests cause a kernel panic.

tags | exploit, remote, web, kernel
systems | linux
SHA-256 | 3d2d8fe606c710e7c1f85b7806cd14681cc6f8b5827957940ee2d1e143a45115
nai.00-mmdf.smtp.txt
Posted Feb 24, 2000
Site nai.com

Network Associates Security Advisory - Remote Vulnerability in the MMDF SMTP Daemon. A bug in MMDF allows anyone to obtain mail management privileges via the SMTP daemon, and then root. All versions of MMDF prior to 2.43 are vulnerable, including the version included with SCO Openserver.

tags | remote, root
SHA-256 | f2dea4a97da484464ee6e817e263cac11e46e2e3609a0b08a5ca3d921c508355
isic-0.05.tgz
Posted Feb 24, 2000
Authored by Mike Frantzen | Site expert.cc.purdue.edu

ISIC - 0.05 (IP Stack Integrity Check). Crafts random packets and launches them. Can fix or randomize source/dest IP's and Ports. You can specify the percentage of packets to fragment, to have IP options, to have bad IP versions.... Just about every field can be automagically twiddled. It contains distinct programs for TCP, UDP, ICMP, IP with a randomized protocol field and a program for randomized raw ethernet frames. Compiles and should work using Libnet under OpenBSD, Solaris, Linux and FreeBSD.

tags | udp, tcp, protocol
systems | linux, unix, solaris, freebsd, openbsd
SHA-256 | 78c7539b7de1f443ad0733aae617651355575721464987aa3ba08695eb41d58a
dvst8er3.5.bx
Posted Feb 24, 2000
Authored by Dvst8er

Dvst8er.bx version 3.5 - BitchX module to encrypt IRC conversations.

SHA-256 | 32eb36236930a4cb5a0b01471a782bb081d0f137ff2cc078e7b1b3e956ba7426
winsd.022400.txt
Posted Feb 24, 2000
Authored by winsd | Site win2000mag.com

Windows Security Alert - Two new risks were reported today: Microsoft reported a problem with its Systems Management Server 2.0 that allows an intruder to gain elevated privileges on the system and network, and Georgi Guninski reported a problem with WordPad that may allow unwanted code to execute on the desktop. According to the report, an exploit can be launched using a Web page and IE. Microsoft is aware of the problem, however no official response was known at the time of this writing.

tags | web, magazine
systems | windows
SHA-256 | 1bfd8eb16760dc1a28c84405f40d0590d9e886eafe4097b331c98342b2e097f2
winsd.022300.txt
Posted Feb 24, 2000
Authored by winsd | Site win2000mag.com

Windows Security Update - February 23, 2000. In this issue: Internet Information Server 4.0 Denial of Service, Windows Autorun.inf Vulnerability, Site Server Commerce User Input Unvalidated, Microsoft Java Virtual Machine Exposes User Files, Windows 2000 Professional Exposes System During Installation, Internet Explorer Exposes Users' Files, Zombie Zapper Helps Shut Down DDoS Attacks, How to Defend Against DoS Attacks, Novell Firewall for NT, SurfinShield Censors Hostile Code, Security for E-Business Documents, Malicious Code Protection Software, and Why Intruders Control Internet Insurance.

tags | java, denial of service, magazine
systems | windows
SHA-256 | ff10183cd7167c4eb30e3a325f9675ee8c2fe21c8defa6a3de1759acf5ab6432
ms00-013
Posted Feb 24, 2000

Microsoft has released a patch for a vulnerability in Windows Media Services. The vulnerability allows denial of service attacks against a streaming media server. Microsoft FAQ on this issue available here.

tags | denial of service
systems | windows
SHA-256 | d832904d0d88fe9603f93beb52147c755b99286f2ceda68be6dc04a440ce6bdd
sara-2.1.8.tar.gz
Posted Feb 24, 2000
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.

Changes: Added timing/delay command line option, Corrected minor bugs on the SARA menu, and proper credit is now given.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 1588e920c9fc1c52a983d51eea4ec9c15c628f001e4efc6b8f77a739b63c8010
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close