Section: .. / 0005-exploits /
| /// File Name: |
0005-exploits.tgz |
Description:
|
Packet Storm new exploits for May, 2000.
| | File Size: | 400774 | | Last Modified: | Jul 13 20:49:11 2000 |
| MD5 Checksum: | 106f14bd20c29b9946e0e877750185e4 |
|
| /// File Name: |
watcheador.zip |
Description:
|
Watcheador is a Windows application that allows you to view ASP source code using the Index Server bug in IIS 4 & IIS 5. Written in Delphi 4.0. Comments in Spanish.
| | Author: | Leon De Juda | | File Size: | 174158 | | Last Modified: | May 14 08:22:11 2000 |
| MD5 Checksum: | a9b9aedbbb66c3d3fbdfc825f1b48362 |
|
| /// File Name: |
cisco.00-05-14.http |
Description:
|
A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the IOS HTTP service is enabled and browsing to "http:///%%" is attempted. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information.
| | Homepage: | http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml | | File Size: | 29196 | | Last Modified: | May 17 22:44:07 2000 |
| MD5 Checksum: | 177d2675ccf94d2117289316882510d8 |
|
| /// File Name: |
ACROS-2000-04-06-1-PUB |
Description:
|
Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator.
| | Homepage: | http://www.acros.si | | File Size: | 17712 | | Last Modified: | May 17 21:15:49 2000 |
| MD5 Checksum: | 1f30c5620c1a04acf9b16c06972bc5d0 |
|
| /// File Name: |
CISADV000503.txt |
Description:
|
Cerberus Information Security Advisory (CISADV000503) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Lsoft's (www.lsoft.com) Listserv Web Archive component (wa/wa.exe v1.8d - this is the most recent version).
| | Author: | David Litchfield. | | Homepage: | http://www.cerberus-infosec.co.uk/advisories.shtml | | File Size: | 13488 | | Last Modified: | May 17 20:02:13 2000 |
| MD5 Checksum: | 8f73c44aa47ea7ae3b706aa5ec72a63f |
|
| /// File Name: |
netprex.c |
Description:
|
netprex.c is a SPARC / i386 buffer overflow root exploit for /usr/lib/lp/bin/netpr. Tested on Solaris 2.6 & 2.7.
| | Author: | Cheez Whiz | | File Size: | 13152 | | Last Modified: | May 15 02:39:38 2000 |
| MD5 Checksum: | 835fc109eb8034e4a735d9f86983473e |
|
| /// File Name: |
5niffi7.c |
Description:
|
5niffi7.c - Remote root exploit for sniffit (-L mail) 0.3.7.beta on Debian 2.2. Includes a detailed explanation of how the exploit works.
| | Author: | MaXX | | File Size: | 11722 | | Last Modified: | May 27 10:41:51 2000 |
| MD5 Checksum: | 85324cc710685c61ffe3df50c7b98c05 |
|
| /// File Name: |
ascend.c |
Description:
|
Ascend remote denial of service - Upon receiving a packet with non-zero length TCP offsets, Ascend terminal servers will crash. Linux based exploit included.
| | Author: | The Posse. | | Homepage: | http://www.hack.co.za | | File Size: | 9820 | | Last Modified: | May 23 19:30:05 2000 |
| MD5 Checksum: | e1cad44cafc8680bbf75732764f15e6a |
|
| /// File Name: |
bugzpladv1_eng.txt |
Description:
|
BugzPL ADVISORY #1 - Bypassing restricted bash. bash-2 gives us the option to use a shell in restricted mode. Includes a patch to bash to eliminate most of the described attacks.
| | Author: | Arkth | | File Size: | 9741 | | Last Modified: | Jun 1 00:05:52 2000 |
| MD5 Checksum: | 6b1115eead69f5319b85ef5a1308bb38 |
|
| /// File Name: |
majordomo.txt |
Description:
|
The mailing list software majordomo has several local vulnerabilities. Local commands can be run with the UID and GID equal to the one used for majordomo. Exploit details and patch included.
| | Author: | Federico Schwindt | | Homepage: | http://www.core-sdi.com | | File Size: | 9265 | | Last Modified: | Jun 1 06:21:42 2000 |
| MD5 Checksum: | bb09677397e1aae2595b1dfa15e916f8 |
|
| /// File Name: |
bugzilla.txt |
Description:
|
BufferOverflow Advisory: Unchecked system call in Bugzilla 2.8. The script used to submit new bugs, process_bug.cgi, is vulnerable because it does not check the contents of the who field. Includes perl remote exploit code.
| | Author: | {} | | Homepage: | http://root66.nl.eu.org | | File Size: | 8782 | | Last Modified: | May 12 03:00:26 2000 |
| MD5 Checksum: | e31f4178d743cb63cb655661d9f6c3d2 |
|
| /// File Name: |
nhc.kp.txt |
Description:
|
It is possible to cause a kernel panic on systems running NetBSD by sending a packet remotely with an unaligned IP Timestamp option.
| | Author: | ipfreely | | Homepage: | http://www.newhackcity.net | | File Size: | 8737 | | Last Modified: | May 5 20:57:12 2000 |
| MD5 Checksum: | 306f33046a1226ef1be7d0461cc60113 |
|
| /// File Name: |
7350kscd.tar.gz |
Description:
|
New TESO kscd exploit (the CD player in the KDE multimedia package).
| | Author: | TESO | | Homepage: | http://www.team-teso.net | | File Size: | 8307 | | Last Modified: | May 15 21:43:59 2000 |
| MD5 Checksum: | 26e4111c9742b12583d8696998612cde |
|
| /// File Name: |
tcpb.c |
Description:
|
A backdoor over non-connected and spoofed TCP packets.
| | Author: | CyRaX | | Homepage: | http://www.programmazione.it/knights | | File Size: | 7029 | | Last Modified: | May 1 23:03:18 2000 |
| MD5 Checksum: | ddf193bb74c4c5e28480b89dd432e407 |
|
| /// File Name: |
silent.delivery.txt |
Description:
|
Silent delivery and installation of an executable on a target Windows computer is possible by combining some bugs. No client input other than opening an email or newsgroup post is necessary, making the possibilities endless. The key component is from Georgi Guninski, the wordpad overflow. An ActiveX control does the rest. Exploit code included.
| | File Size: | 6948 | | Last Modified: | May 14 02:06:00 2000 |
| MD5 Checksum: | dc902b45317dbb84fd57790a18d4b1e0 |
|
| /// File Name: |
mdbms.c |
Description:
|
MDBMS V0.96b6 remote root exploit - This code demonstrates a MDBMS v0.96b6 vulnerability which allows any remote user to exec a root shell. Tested on Linux SuSE 6.3.
| | Author: | TDP | | File Size: | 6547 | | Last Modified: | Jun 1 20:30:41 2000 |
| MD5 Checksum: | edd974162529ec9ffcd752497820e4ba |
|
| /// File Name: |
sses-sshauth.txt |
Description:
|
A vulnerable secure shell distribution is available from the popular Zedz Consultants FTP site (formerly known as replay.com). The RedHat Linux RPM ssh-1.2.27-8i.src.rpm contains a PAM patch which contains faulty logic allowing users to essentially pass through the username/password authentication step and gain shell access.
| | Homepage: | http://www.sses.net | | File Size: | 6110 | | Last Modified: | May 17 21:22:30 2000 |
| MD5 Checksum: | 95b80c63f273743306ae2cf0b0b7b355 |
|
| /// File Name: |
b0f5-Qpopper.txt |
Description:
|
BufferOverflow Security Advisory #5 - Remote shell via Qpopper2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
| | Author: | Prizm | | Homepage: | http://b0f.freebsd.lublin.pl | | File Size: | 5946 | | Last Modified: | May 24 21:55:59 2000 |
| MD5 Checksum: | 2a4401d33c14ffe9385bfcd5c4240512 |
|
| /// File Name: |
RFParalyze.txt |
Description:
|
Through a netbios session request packet with a NULL source name, Windows 9[5,8] show a number of odd responses. Everything from lockups, reboots and "the blue screen of death", to total loss of network connectivity. Source code included. Reverse engineered from a binary exploit already in use.
| | Author: | Rain Forest Puppy and Evan Brewer. Homepages at www.el8.org and www.wiretrip.net. | | File Size: | 5731 | | Last Modified: | May 3 23:56:44 2000 |
| MD5 Checksum: | afd8c701cbf04d7eb15f97b7514bf03a |
|
| /// File Name: |
l0phtl0phe.c |
Description:
|
l0phtl0phe.c - antisniff exploit (1.02 included). l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool method of bypassing the extra length + strncat checks.
| | Author: | Scut | | Homepage: | http://www.team-teso.net/releases/ | | File Size: | 5516 | | Last Modified: | May 19 00:29:50 2000 |
| MD5 Checksum: | c3a783b7bf5bef9f333b758e3f249586 |
|
| /// File Name: |
cisco760.c |
Description:
|
Cisco 760 Series Connection Overflow. Affected Systems: Routers Cisco 760 Series. Others not tested.
| | Author: | Tiz.Telesup. | | File Size: | 5137 | | Last Modified: | May 18 00:34:13 2000 |
| MD5 Checksum: | a4074a92cb0b32eac9e0680403c56ee5 |
|
| /// File Name: |
RFP2K04.txt |
Description:
|
RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.
| | Author: | Rain Forest Puppy | | Homepage: | http://www.wiretrip.net | | File Size: | 5058 | | Related CVE(s): | CAN-2000-0325 | | Last Modified: | May 17 19:31:12 2000 |
| MD5 Checksum: | 7ab3538c3154d81d5551eca38825fbea |
|
| /// File Name: |
cisco.help |
Description:
|
It seems that, even though a regular (non-"enabled") user should not be able to see the access-lists or other security-related information in the router, one can do just that. The online help system doesn't list the commands as being available, but out of 75 extra "show" options that are available in "enable" mode (on a 12.0(5)3640), only 13 were actually restricted.
| | Author: | Fernando Montenegro. | | File Size: | 4957 | | Last Modified: | May 17 19:18:53 2000 |
| MD5 Checksum: | 70832d19e7c1f52159121e79daaae2e5 |
|
| /// File Name: |
killsentry.c |
Description:
|
killsentry.c shows that automatic firewalling is a bad idea by sending spoofed FIN packets from different hosts in an attempt to confuse Portsentry. Tested on FreeBSD 3.2.
| | Author: | Andrew Alston | | File Size: | 4670 | | Last Modified: | May 23 19:42:01 2000 |
| MD5 Checksum: | 11506e7d1441a1cdf66f6fb12dbb8b7f |