exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from David Goldsmith

Email addressdaveg at atstake.com
First Active2000-02-02
Last Active2004-07-14
Atstake Security Advisory 04-07-13.1
Posted Jul 14, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.

tags | advisory, overflow, local, php, vulnerability
SHA-256 | 3687cf4f4805ebd7619c3a629f029fcea5cc0d6baf1031b38b9528d9e63c3d7c
Atstake Security Advisory 04-05-03.1
Posted May 7, 2004
Authored by David Goldsmith, Atstake, Dino Dai Zovi | Site atstake.com

Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.

tags | advisory, overflow, root, protocol
systems | apple, osx
advisories | CVE-2004-0430
SHA-256 | d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569
Atstake Security Advisory 04-02-23.1
Posted Feb 24, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2004-0165
SHA-256 | ac39259d91e80a21a84083dd2d5ed03a1ab274c26fa3d74162b3afe90c544152
Atstake Security Advisory 04-01-27.1
Posted Jan 29, 2004
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.

tags | advisory, arbitrary, root
systems | apple, osx
SHA-256 | 8ce54a8fef937890cb1f9d170aa0c3d29ca49c9cf3641d06a4d384befd8331e6
Atstake Security Advisory 03-10-28.3
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.

tags | kernel, local
systems | apple, osx
SHA-256 | 319ce15f5986529ed5010d67654eb62e5341d237edf4d5f20e5bf93b121fe0a7
Atstake Security Advisory 03-10-28.1
Posted Oct 30, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.

tags | shell, local, root
systems | apple, osx
SHA-256 | 55cac7ecd548a05acacef22ad370bb0adceada6e580cad95af9f0d9d18d3a9cc
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
SHA-256 | b4f0c4f5a717ad038f3eb39e9c687e11d5766b61d2e3b9b83c77992f43bb0bcf
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
SHA-256 | e9e60f02bd40ae6f22a3de8966d31b5d80e4df271203a7ad9f1e8286a57adf29
Atstake Security Advisory 03-05-12.1
Posted May 13, 2003
Authored by David Goldsmith, Jeremy Rauch, Atstake | Site atstake.com

Atstake Security Advisory A051203-1 - The Apple AirPort XORs a password with a fixed maximum of 32 bytes against a predefined key. If a password is set to one character, a simple sniff of the 32 byte block will reveal 31 bytes of the XOR key. The final byte can be obtained by XORing the obfuscated first byte against the first character of the plaintext password.

tags | advisory
systems | apple
SHA-256 | 72c9a3c6b408f1e2bd344bc4e089fb5e6fd14d01b2497ba07065546cd0280432
Atstake Security Advisory 03-04-10.1
Posted Apr 11, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A041003-1 - MacOS X DirectoryService, which runs setuid as root, uses a system() to execute the touch command without properly using a full path. Due to this, a local attacker can execute commands as root.

tags | advisory, local, root
SHA-256 | ca8fa585c5c12890f30e767074ee9e77851c6c136557059afdae4911aeae24fd
Atstake Security Advisory 03-02-14.1
Posted Feb 19, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default.

tags | local, root
systems | apple, osx
SHA-256 | 922979add04dd03a99e8b8cf1546f75144cba14cd5ed8c57ec889932256bc0db
A102600-1.txt
Posted Oct 31, 2000
Authored by David Goldsmith, Brian Carrier, Rex Warren | Site atstake.com

Atstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included.

tags | perl, proof of concept
systems | cisco
SHA-256 | 7efd12964efef16b759d3fcdb2af9a30829c39d81b2e68ec5426c943032bfa96
instructor.c
Posted Feb 2, 2000
Authored by David Goldsmith

Instructor is a 32 bit instruction set auditor. By sequentially executing every 32 Bit OpCode, one can find instructions that might have adverse effects on operating environments. For example, Instructor was used to find the non-privileged halt instruction.

tags | tool
systems | unix
SHA-256 | cab3daead94e9ad13bce609a5574a99466290e60115dd1dad349896f71547a1b
instructor.c
Posted Feb 2, 2000
Authored by David Goldsmith | Site ksrt.org

instructor.c is an OpenBSD 2.5 DoS attack which attempts to execute every 32 bit instruction. It is useful for people who are trying to find hidden features, or hidden bugs in their hardware or operating system. Many "features" have been found with this program.

tags | exploit
systems | openbsd
SHA-256 | a70cc461f83c0c214d4cbf175bc5b405671807e2937804c52d63b58d9d1f9822
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close