Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Sun, 27 May 2012 22:31:44 GMT

0004-exploits.tgz
http://packetstormsecurity.org/files/21875/0004-exploits.tgz
http://packetstormsecurity.org/files/21875/0004-exploits.tgz.html
Fri, 19 May 2000 17:56:12 GMT
Packet Storm new exploits for April, 2000.

austnethack.tgz
http://packetstormsecurity.org/files/17684/austnethack.tgz
http://packetstormsecurity.org/files/17684/austnethack.tgz.html
Fri, 28 Apr 2000 19:04:09 GMT
How AustNet's Virtual World was hacked to reveal users real IP. Slightly crippled demonstration code included. Lots of information on the austnet hack available here.

sftp02b.c
http://packetstormsecurity.org/files/17747/sftp02b.c
http://packetstormsecurity.org/files/17747/sftp02b.c.html
Fri, 28 Apr 2000 19:01:19 GMT
Smart FTP v0.2 Beta denial of service.

qpopper.fgets.txt
http://packetstormsecurity.org/files/17742/qpopper.fgets.txt
http://packetstormsecurity.org/files/17742/qpopper.fgets.txt.html
Thu, 27 Apr 2000 22:24:55 GMT
fgets() is unsafely used in qpopper version 2.53.

mmdump.pl
http://packetstormsecurity.org/files/17741/mmdump.pl
http://packetstormsecurity.org/files/17741/mmdump.pl.html
Thu, 27 Apr 2000 21:26:06 GMT
Meeting Maker is a networked calendaring/scheduling software package that's estimated to be installed on over 700,000 desktops. Clients send passwords to a Meeting Maker server encoded using a polyalphabetic substitution cipher. Included perl script will decode passwords sent over the net.

lpset.sh
http://packetstormsecurity.org/files/17740/lpset.sh
http://packetstormsecurity.org/files/17740/lpset.sh.html
Thu, 27 Apr 2000 21:12:55 GMT
/usr/bin/lpset vulnerability in Solaris/SPARC 2.7.

4man.c
http://packetstormsecurity.org/files/17739/4man.c
http://packetstormsecurity.org/files/17739/4man.c.html
Thu, 27 Apr 2000 21:10:24 GMT
redhat 6.1 /usr/bin/man exploit.

sol7.lp.c
http://packetstormsecurity.org/files/17735/sol7.lp.c
http://packetstormsecurity.org/files/17735/sol7.lp.c.html
Thu, 27 Apr 2000 20:43:18 GMT
Solaris 2.7 /usr/bin/lp local exploit, i386.

xsun2.c
http://packetstormsecurity.org/files/17734/xsun2.c
http://packetstormsecurity.org/files/17734/xsun2.c.html
Thu, 27 Apr 2000 20:41:03 GMT
xsun2.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.

sparc_lpset.c
http://packetstormsecurity.org/files/17733/sparc_lpset.c
http://packetstormsecurity.org/files/17733/sparc_lpset.c.html
Thu, 27 Apr 2000 20:38:49 GMT
/usr/bin/lpset local root exploit for sparc.

imwheel_ex.c
http://packetstormsecurity.org/files/17732/imwheel_ex.c
http://packetstormsecurity.org/files/17732/imwheel_ex.c.html
Thu, 27 Apr 2000 20:36:06 GMT
imwheel local root exploit (as discussed in RHSA-2000:016-02).

xdnewsweb.pl
http://packetstormsecurity.org/files/17726/xdnewsweb.pl
http://packetstormsecurity.org/files/17726/xdnewsweb.pl.html
Thu, 27 Apr 2000 15:53:08 GMT
Vulnerability found in cgi DNEWSWEB used for reading news groups from web. It's possible to overflow stack and read any file from remote host with web server rights. All versions and for all OSes exploitable. Example of reading file /etc/passwd for Linux included. Fixed in dnews 5.4c1, available here.

dig.c
http://packetstormsecurity.org/files/17706/dig.c
http://packetstormsecurity.org/files/17706/dig.c.html
Tue, 25 Apr 2000 19:51:02 GMT
dig v2.2 local buffer overflow exploit for x86 linux. Note that dig isn't suid/sgid on some platforms, yet on some it is.

solx86-imapd.c
http://packetstormsecurity.org/files/17705/solx86-imapd.c
http://packetstormsecurity.org/files/17705/solx86-imapd.c.html
Tue, 25 Apr 2000 19:42:44 GMT
imapd IMAP4rev1 v10.205 remote root exploit, solaris x86. Exploits the AUTHENTICATE overflow, yielding a remote root shell.

solx86-nisd.c
http://packetstormsecurity.org/files/17704/solx86-nisd.c
http://packetstormsecurity.org/files/17704/solx86-nisd.c.html
Tue, 25 Apr 2000 19:41:12 GMT
rpc.nisd remote root overflow, solaris 2.4 x86. Solaris 2.5.0 and 2.5.1 work with different offset.

lpset.c
http://packetstormsecurity.org/files/17703/lpset.c
http://packetstormsecurity.org/files/17703/lpset.c.html
Tue, 25 Apr 2000 19:39:30 GMT
/usr/bin/lpset local root stack overflow for Solaris 7, x86.

xsun.c
http://packetstormsecurity.org/files/17702/xsun.c
http://packetstormsecurity.org/files/17702/xsun.c.html
Tue, 25 Apr 2000 19:35:21 GMT
xsun.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.

freebsd.mtr.c
http://packetstormsecurity.org/files/17689/freebsd.mtr.c
http://packetstormsecurity.org/files/17689/freebsd.mtr.c.html
Mon, 24 Apr 2000 22:32:29 GMT
FreeBSD mtr-0.41 local root exploit.

lcdproc-exploit.c
http://packetstormsecurity.org/files/17686/lcdproc-exploit.c
http://packetstormsecurity.org/files/17686/lcdproc-exploit.c.html
Mon, 24 Apr 2000 01:58:51 GMT
LCDproc is a system to display system information and other data on an LCD display which uses client / server communication. The server is vulnerable to remote buffer overflow allowing an attacker to remotely execute arbitrary code or cause the LCDproc server to crash. Patch available here.

wmaker.c
http://packetstormsecurity.org/files/17683/wmaker.c
http://packetstormsecurity.org/files/17683/wmaker.c.html
Mon, 24 Apr 2000 01:27:28 GMT
Windowmaker 0.62.0 buffer overflow exploit - Although wmaker is not suid by default, this code will overflow the $DISPLAY environment variable.

ADV-150400.txt
http://packetstormsecurity.org/files/17677/ADV-150400.txt
http://packetstormsecurity.org/files/17677/ADV-150400.txt.html
Sun, 23 Apr 2000 09:35:38 GMT
Microsoft Frontpage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) comes by default and has three vulnerabilities. The full path to the root directory is revealed, a buffer overflow was found - remote code execution may be possible, and files on the server may be accessed.

kill_nwtcp.c
http://packetstormsecurity.org/files/17674/kill_nwtcp.c
http://packetstormsecurity.org/files/17674/kill_nwtcp.c.html
Sun, 23 Apr 2000 07:37:05 GMT
Novell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.

RUS-CERT.200004-01.txt
http://packetstormsecurity.org/files/17673/RUS-CERT.200004-01.txt
http://packetstormsecurity.org/files/17673/RUS-CERT.200004-01.txt.html
Sun, 23 Apr 2000 07:30:13 GMT
RUS-CERT Advisory 200004-01: GNU Emacs 20 - Several vulnerabilities were discovered in all Emacs versions up to 20.6, including allowing unprivileged local users to eavesdrop on the communication between Emacs and its subprocesses, Emacs Lisp tempfile problems, and the history of recently typed keys may expose passwords. The following systems were tested vulnerable: Linux, FreeBSD (and probably other *BSD variants), HP-UX 10.x, 11.00, and AIX 4. Solaris and DG/UX are unaffected.

razor.dvwssr.txt
http://packetstormsecurity.org/files/17672/razor.dvwssr.txt
http://packetstormsecurity.org/files/17672/razor.dvwssr.txt.html
Sun, 23 Apr 2000 07:16:06 GMT
BindView RAZOR Team Analysis of DVWSSR.DLL - The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough for system administrators responsible for NT systems to investigate. The risks involve whether or not a certain DLL is loaded, how rights are set, and potentially how Front Page 98 is used.

panda-sec.zip
http://packetstormsecurity.org/files/17671/panda-sec.zip
http://packetstormsecurity.org/files/17671/panda-sec.zip.html
Sun, 23 Apr 2000 06:57:18 GMT
Panda Security 3.0 for Windows 95 and 98 can be bypassed. Panda Security 3.0 is vulnerable to indirect registry key modifications, which allow Panda Security keys to be manipulated by any logged-on user. Because of a lack in system integrity checks, the entire software package could be uninstalled by a user. This zipfile contains demonstration exploit code.