what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2002-08-21

psad-0.9.9.tar.gz
Posted Aug 21, 2002
Site cipherdyne.com

Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.

Changes: Bugfixes for the tcpwrapper auto-blocking code on iptables and ipchains boxes. A new whois lookup strategy has been added that creates files like /var/log/psad/who.txt_IP for each scanning IP, a prelude to snort-style logging. Now uses the latest version of the whois client. The psad.8 man page and other docs have been updated.
tags | kernel, perl, tcp
systems | linux
SHA-256 | e43d8b6f9d5a0efb89edbce1c9a09aca4bf39dd62f8f430e74a835801585ad5e
sbofcoder.pl
Posted Aug 21, 2002
Authored by electronicsouls, Burn-X | Site es.xor.ru

Simple Bof Coder for Linux and BSD constructs proof of concept buffer overflow code by asking several questions about the vulnerability. Written in perl, generates C source.

tags | overflow, perl, proof of concept
systems | linux, unix, bsd
SHA-256 | 61ad4e418307159c7adf3bc1cd3b9c61ce9120f4bd277c4b51fceecc722e9cf8
firestarter-0.9.0.tar.gz
Posted Aug 21, 2002
Authored by Tomas Junnonen | Site firestarter.sourceforge.net

The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.

Changes: This is the first GNOME 2.0 version of Firestarter featuring a completely new user interface, in-depth traffic inspection, new filtering options, a new manual, and many other improvements.
tags | tool, firewall
systems | linux
SHA-256 | 32cb78c927a04a72e82564f3db2ad9abbce771194fe68ea1e5f8ded50d96f2c0
trans.txt
Posted Aug 21, 2002
Authored by Hexxeh

Basic Transposition Ciphers - All they do is shuffle the characters.

tags | paper
SHA-256 | a6cef088fd83129f4d008c1646791990e5efefbb135dda28f1594c9f51b57eb6
virus-writing-HOWTO-2002-08-15.tar.gz
Posted Aug 21, 2002
Authored by Alexander Bartolich | Site lwfug.org

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.

Changes: A port to Debian GNU/Linux on SPARC was started. "The magic of the Elf" and "The language of evil" are finished.
tags | paper, virus
systems | linux
SHA-256 | c3eab65349d14045e1c71e01c0eee10c930954db406d18e2ef4fb2c4edc148d3
Atstake Security Advisory 02-08-16.1
Posted Aug 21, 2002
Authored by Atstake | Site atstake.com

Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.

systems | windows
SHA-256 | e5fefbae46a457866facd5d4caafcae07329a7508e7d9764de60f72b741eb0ba
lynx.cr.txt
Posted Aug 21, 2002
Authored by Ulf Harnhammar

Lynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.

tags | web
SHA-256 | 76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927ae
mssql-jobs2.txt
Posted Aug 21, 2002
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory NISR19002002A - Microsoft SQL Server 2000 and 7 come with a "helper" service which allows a low privileged user to create and overwrite arbitrary files on the SQL server. Includes proof of concept SQL code.

tags | arbitrary, proof of concept
SHA-256 | d00fd77d758ad8f157ea1a193c0b5f00842cddd2ba606d82b82ca8b386411279
steelarrow.txt
Posted Aug 21, 2002
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory NISR19082002B - The Tomahawk SteelArrow web application server v4.1 and below for Windows NT and 2k contains three buffer overflows which allow the remote execution of code. Fix available here.

tags | remote, web, overflow
systems | windows
SHA-256 | 4a8bff199da6f100e224f72780c912d5fb4b0f765ed077517469b6ea5326ca8a
ipsorc-1.7.0.tar.gz
Posted Aug 21, 2002
Site legions.org

IP Sorcery is a TCPIP packet generator which allows you to send TCP, UDP, and ICMP packets with a GTK+ interface.

Changes: GUI is now in a tabbed format, added the ability to sniff UDP and TCP from the packets sent, and made several code modifications and cosmetic changes.
tags | udp, tcp
systems | unix
SHA-256 | 7839461de607cff1c9e38e192bf90a0ff4851550255a6f824d3e9da1f4da8c68
patch-2.4.19-fnk4.patch.gz
Posted Aug 21, 2002
Authored by Paul Drain | Site cipherfunk.org

The cipherfunk Patched Linux Kernels provide patch sets that focus on security enhancements, optimizations, and bugfixes to the current stable Linux Kernel. They are suitable for workstation or high-end server use in both production and development environments.

Changes: IDE CDROM fallback patch present in -fnk3 has been reverted for a generic solution for all CD devices, a workaround for UDMA5 drives has been added, various drivers have been updated, and a GCC 3.2 specific compile workaround has been added.
tags | kernel, patch
systems | linux, unix
SHA-256 | 085c5ffdbdbd89012634e6937626af473b29c40dee5510fa36ef855acb0d73a5
nssilabs-keriosecvuln.txt
Posted Aug 21, 2002
Authored by Abraham Lincoln Hao | Site nssilabs.nssolution.com

NSSI Research Labs Security Advisory - Kerio Mail Server v5.x for Windows contains multiple denial of service and cross site scripting vulnerabilities in all mail services and the web mail module of the mail server.

tags | web, denial of service, vulnerability, xss
systems | windows
SHA-256 | eaeda46462c4a849df147445ef57db0d106619c359883b31544c418d2d5dada8
firestorm-0.4.6.tar.gz
Posted Aug 21, 2002
Site scaramanga.co.uk

Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.

Changes: Fixed a bug which caused tcpdump log files to get overwritten. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages.
tags | tool, remote, intrusion detection
systems | unix
SHA-256 | e93123485333da8b54d632f5ec9c863eb29a49e584a917517507750a6aefcb26
BBD-0.3.tgz
Posted Aug 21, 2002
Authored by detach

BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains an <optional> client which allows you to execute the command remote as well as local by prefixing a command with a semicolon.

tags | tool, remote, local, root, tcp, rootkit
systems | unix
SHA-256 | be7fa70c5e442deb313dea7e9093292482ecd45654b7e0a211af2fdb11c3e779
fwlogwatch-0.9.tar.gz
Posted Aug 21, 2002
Authored by Boris Wesslowski | Site kyb.uni-stuttgart.de

Fwlogwatch analyzes the ipchains, netfilter, iptables packet filter, and Cisco logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.

Changes: Features NetScreen, Elsa Lancom, basic PIX v6 support, a PHP frontend, IPv6 for the built-in Web server, and some small bug fixes.
tags | tool, firewall
systems | cisco, unix
SHA-256 | 4bbf4359eacdc74fbbb8a2d633ffa467fe57e74d5955f0dddf83fceafbe8ae53
tcpreplay-1.2.tar.gz
Posted Aug 21, 2002
Site sourceforge.net

Tcpreplay v1.2 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

Changes: Includes many new features and fixes, including removal of libpcap dependency, support for libnet 1.1.x, better dual nic support, fixing of truncated packets, Solaris snoop file support, and more.
tags | tool, arbitrary, protocol, intrusion detection
systems | unix
SHA-256 | 057068ea8ded353c7910c2c940842c04bf213fedd43e58b902125c578c66ab1f
nssi.tpfw.txt
Posted Aug 21, 2002
Authored by Aaron Tan Lu | Site nssolution.com

NSSI Research Labs Security Advisory NSSI-2002-tpfw - The Tiny Personal Firewall 3.0 for Windows contains contains denial of service vulnerabilities in the activity logger tab of the Personal Firewall Agent module which allow remote attackers to crash the OS, consuming 100% of the CPU.

tags | remote, denial of service, vulnerability
systems | windows
SHA-256 | 4369b0114c0361e90582dcab9a61d7e641248ac2189b78b4b81faabc72a906cd
2minbdoor.c
Posted Aug 21, 2002

/bin/login backdoor by tracewar.

tags | tool, rootkit
systems | unix
SHA-256 | a5dca046dcb7b274a126ab8bb95c6d1337c341f400908f5db631dbe41b2c9f17
openssl-0.9.6g.tar.gz
Posted Aug 21, 2002
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed ASN1 overflow checks and fixed a DoS in the handling of assertions since 0.9.6e.
tags | encryption, protocol
SHA-256 | 26d97451915a76700452e2ccdacca3cde7e62150827c460922569d5c72d9f6bf
ethereal-0.9.6.tar.gz
Posted Aug 21, 2002
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.

Changes: A buffer overflow in the ISIS dissector that allowed arbitrary code execution was fixed. TCP sequence number analysis has been added. Several other bugs were fixed and lots of protocol dissectors were updated including 802.11.
tags | tool, sniffer, protocol
systems | unix
SHA-256 | ea6ddc17081ac84412c8a67a69ab99933e498b3825ed28dd5c0c4ccb78237ec9
Ethereal Security Advisory 6
Posted Aug 21, 2002
Authored by Ethereal | Site ethereal.com

Ethereal Security Advisory enpa-sa-00006 - The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions contains a buffer overflow which can be exploited remotely to crash Ethereal or execute arbitrary code as root. To fix, upgrade to Ethereal v0.9.6 or disable the ISIS protocol dissector.

tags | overflow, arbitrary, root, protocol
SHA-256 | 98f78a2eada9861a0e7be750264047f67fae5b481afc765afcb47870519120ac
holygrail.c
Posted Aug 21, 2002

Holygrail.c is a remote root exploit for telnetd under Solaris Sparc 2.5.1, 2.6, 2.7, and 8. Verified to work against Solaris 7 and 8 sparc - spawns a root shell.

tags | exploit, remote, shell, root
systems | solaris
SHA-256 | db9942f1b9b94f9665e2d1ea631b7cd99d363ce639e4f91ab79966997e37ceaa
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close