Packet Storm new exploits for March, 2000.
9f748d3bdcbb353ef839d0fa1b4cc33475d72f25779d4224b03144f06df0bd8c
More ways to abuse c|/con/con - In mail with html tags, in normal html, serv-u ftp, and win registry.
dbd63bc06595239243344b801d6472325cf936204765a3d9446777ea220235b9
Anyone who can execute CGIMailer (anyone who can use the forms that use CGIMailer) can specify what configuration file to use, and this can be any file on the system CGIMailer is running on. This allows the existence of private files to be detected. There are more dangerous implications though: this vulnerability could possibly be exploited to obtain private files from the target system. If there is an FTP server running on the target system on which an attacker has upload privileges, he/she could upload a malicious configuration file, and then run it using CGIMailer. Configuration files can be used to send files to the attacker via e-mail (among other things).
93e43f717e47063b7aa4ac1264f4e1f4436a2587838dfecd4a1ffd48d2008703
Two exploits are included for a DCC chat buffer overflow, as separate exploits for Linux and mIRC.
f3545aeb86c142cd44d2d9e66a6762114035037eafe2d84e99ae2888730f8e89
Local exploit for Linux Mandrake 7.0's wmcdplay 1.0 beta 1. Unlike the Teso exploit for wmcdplay, this code exploits the -position argument.
eed00eb19c97858a9e3a92302523c50bd3259f79d45239243286e9ab1b43681f
Vulnerability: Any user can overwrite any file in the system with x11amp ver .70.
f854507d6d5cef408de353bd42cf556273c973adfc5e305c7058e4a61a099eab
SGI IRIX objectserver remote exploit - Remotely adds account to the IRIX system. Patched February, 1998. Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2.
50cc9680c224be9e0219d599f01be7fd1deae2ff3856942ef92ade8bb1049054
FreeBSD 3.2-REL AMD remote root exploit.
74ebf4b7191e638c02170d2329ab03a22fa5046246e7efe9383a60af7ebd7ef2
icadecrypt cracks the weak hash encryption on stored Citrix ICA passwords (in appsrv.ini).
0181118dcdd35e59f180e0f657ec91f83b1e6c2830741f73a27b7ac95c081f4c
Atsacd local root exploit. Halloween Linux, possibly others affected.
d1dbb57ef211ca6ea1b6d2f9127deafdf395986b94f9c9cf47e32ec0512c62e0
BIND 8.2 - 8.2.2 remote root exploit how-to. Explains how to manipulate DNS records on a primary name server to exploit this vulnerability.
13963a941af3f8fdd0f2293e438b81cbd1c0cfbbfca61326c27bfe8f6538b9c0
Crash Exploit for AnalogX SimpleServer v1.03
cc9ee6eb889e4626230b81ac2c318ce7ff3dea4ca84840aff080e08d59e8c434
Winmail 3.05 for Windows NT allows any file on the system to be read. Exploit code included.
3c466966794ec9932d49f5ff0255e8dff719b5b35bee9762550d2f934821973f
kreatecd local root-exploit helper script - Halloween Linux 4.0 and SuSE 6.0 - 6.3.
23964fde1019bbfe985363c42c8ad5158d2951616665f872c8aa490b75e9e281
Overflows the -position arg buffer in wmcdplay due to a bad sprintf call.
797e6bc48410b2afa3fb5a1600a36c4bbfb53243d9f45cd3ba84d269b068f7d0
Domain Socket Denial of Service Vulnerability affecting Linux kernel 2.3.99-pre2, Linux kernel 2.2.14, Linux kernel 2.2.12, RedHat Linux 6.2, RedHat Linux 6.1 sparc, RedHat Linux 6.1 i386, and RedHat Linux 6.1 alpha.
b852a80885a8b80dda233f431bf76a6d44db3936fa28960a20e8b91df154b22d
Linux web browsers are affected by accessing devices; this bug may be considered similar to the \con\con bug except that the technological superiority of Linux will prevent a system crash.
24e6fa2511307e8401d91b191909d3731bc4bdf93ba17eb2b652e59bae536e63
A Windows 9x machine that shares any of its files, even read only, can be crashed remotely via the con/con issue.
6b86f48dfa2be6f9382859f493774f77bf590ecb9219b3ea09878d0a6e76489a
ZSH Advisory - Netscape WebPublisher Allows Directory Listing and Access. Netscape WebPublisher is an add-on to Netscape's Enterprise webserver which allows remote file modifications, uploads and downloads. A third party user can access the WebPublisher via downloading a number of Java applets and the webserver's directory structure without having a valid account on the system. Netscape v3.5.1 / 3.6 SP1-3 under Solaris are vulnerable.
fe012892a4ac1f20d6bb25a0c0a171ed2caeab44aa5c8dc575e5b034b62084e2
5 exploits for wmcdplay (A cd player designed for WindowMaker - Release 1.0 Beta1) Tested on Mandrake 7.0.
b3df24fce3105f322d4f200071911aafe6bd5667f3ca8f7cca758ea51fc67a99
PAM/userhelper exploit - Ported to Mandrake 6.1. Also works on Red Hat 6.0 and 6.1, gives uid 0.
60f084b01a6b90f83d4afb30f04c2890fc63b2a6583017757d8572b289e798b3
spoon.c - (ab)use dig.cgi to proxy DNS dig requests. Useful to request a zone transfer without revealing your IP.
bed34a7508213f2937d73bf1e00100537cc8f3ff8ce9ac45961c75bcec76988e
A vulnerability exists in the gpm-root program, part of the gpm package. A local console user can obtain root. Tested under RedHat Linux (6.2 / 6.1 / 6.0 / 6.0 / 5.2 / 5.1) and Debian Linux (2.2 / 2.1 / 2.0).
fdc7878064ad331939f1b74e447a8ba7472f14e883ff96a2f93eaecb0a3154f5
Halloween 4 local root exploit for imwheel-solo. Other distros may be affected as well.
7300584731a280968e5f1a1b1f9f36318180b511c516ed48887ec106be3e6d96
Overflows the -l arg buffer in wmcdplay due to a bad sprintf call. Tested on Mandrake.
dcaf4f08e182ca245fd5a67f7a6513167be09b045d4dbb23c1b92103c9d70d18