UDP Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:02:24 GMT

Nmap Port Scanner 6.00
http://packetstormsecurity.org/files/112951/nmap-6.00.tgz
http://packetstormsecurity.org/files/112951/Nmap-Port-Scanner-6.00.html
Tue, 22 May 2012 04:00:28 GMT
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Debian Security Advisory 2442-1
http://packetstormsecurity.org/files/111173/dsa-2442-1.txt
http://packetstormsecurity.org/files/111173/Debian-Security-Advisory-2442-1.html
Mon, 26 Mar 2012 20:36:27 GMT
Debian Linux Security Advisory 2442-1 - It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

Cisco Security Advisory 20120314-asa
http://packetstormsecurity.org/files/110822/cisco-sa-20120314-asa.txt
http://packetstormsecurity.org/files/110822/Cisco-Security-Advisory-20120314-asa.html
Thu, 15 Mar 2012 03:02:43 GMT
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities:
* Cisco ASA UDP Inspection Engine Denial of Service Vulnerability
* Cisco ASA Threat Detection Denial of Service Vulnerability
* Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
* Protocol-Independent Multicast Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities.

Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
http://packetstormsecurity.org/files/109641/citrix_streamprocess_data_msg.rb.txt
http://packetstormsecurity.org/files/109641/Citrix-Provisioning-Services-5.6-SP1-Streamprocess-Opcode-0x40020000-Buffer-Overflow.html
Fri, 10 Feb 2012 22:33:19 GMT
This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.

trixd00r 0.0.1
http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.tar.gz
http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.html
Wed, 08 Feb 2012 22:19:13 GMT
trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connect back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.

IPT_PKD Iptables Port Knocking Detection 1.10
http://packetstormsecurity.org/files/108955/pkd-1.10.tgz
http://packetstormsecurity.org/files/108955/IPT_PKD-Iptables-Port-Knocking-Detection-1.10.html
Mon, 23 Jan 2012 00:43:45 GMT
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program.
For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Zero Day Initiative Advisory 12-011
http://packetstormsecurity.org/files/108559/ZDI-12-011.txt
http://packetstormsecurity.org/files/108559/Zero-Day-Initiative-Advisory-12-011.html
Wed, 11 Jan 2012 07:32:13 GMT
Zero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

Red Hat Security Advisory 2012-0010-01
http://packetstormsecurity.org/files/108557/RHSA-2012-0010-01.txt
http://packetstormsecurity.org/files/108557/Red-Hat-Security-Advisory-2012-0010-01.html
Wed, 11 Jan 2012 07:29:41 GMT
Red Hat Security Advisory 2012-0010-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload functionality on were handled could allow a remote attacker to cause a denial of service.

Zero Day Initiative Advisory 12-010
http://packetstormsecurity.org/files/108556/ZDI-12-010.txt
http://packetstormsecurity.org/files/108556/Zero-Day-Initiative-Advisory-12-010.html
Wed, 11 Jan 2012 07:29:05 GMT
Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

Zero Day Initiative Advisory 12-009
http://packetstormsecurity.org/files/108553/ZDI-12-009.txt
http://packetstormsecurity.org/files/108553/Zero-Day-Initiative-Advisory-12-009.html
Wed, 11 Jan 2012 07:17:55 GMT
Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

Zero Day Initiative Advisory 12-008
http://packetstormsecurity.org/files/108538/ZDI-12-008.txt
http://packetstormsecurity.org/files/108538/Zero-Day-Initiative-Advisory-12-008.html
Tue, 10 Jan 2012 13:13:00 GMT
Zero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Zero Day Initiative Advisory 12-007
http://packetstormsecurity.org/files/108401/ZDI-12-007.txt
http://packetstormsecurity.org/files/108401/Zero-Day-Initiative-Advisory-12-007.html
Fri, 06 Jan 2012 00:25:10 GMT
Zero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the xdr encoded data from a STAT_NOTIFY procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

Stev.Org Sniffer
http://packetstormsecurity.org/files/108397/sniffer-2012-01-05.tar.gz
http://packetstormsecurity.org/files/108397/Stev.Org-Sniffer.html
Fri, 06 Jan 2012 00:15:52 GMT
This sniffer has an ncurses user interface, network statistics for many different protocols, a view into active TCP connections, UDP packets, ICMP packets, and more.

Zero Day Initiative Advisory 12-006
http://packetstormsecurity.org/files/108394/ZDI-12-006.txt
http://packetstormsecurity.org/files/108394/Zero-Day-Initiative-Advisory-12-006.html
Fri, 06 Jan 2012 00:12:36 GMT
Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the xdr encoded filename from an NFS_RENAME procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

GNUnet P2P Framework 0.9.1
http://packetstormsecurity.org/files/108190/gnunet-0.9.1.tar.gz
http://packetstormsecurity.org/files/108190/GNUnet-P2P-Framework-0.9.1.html
Tue, 27 Dec 2011 17:47:11 GMT
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service.
The primary service built on top of the framework is anonymous file sharing.

Zero Day Initiative Advisory 11-350
http://packetstormsecurity.org/files/108013/ZDI-11-350.txt
http://packetstormsecurity.org/files/108013/Zero-Day-Initiative-Advisory-11-350.html
Mon, 19 Dec 2011 23:10:13 GMT
Zero Day Initiative Advisory 11-350 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Enterasys Netsight. Authentication is not required to exploit this vulnerability. The flaw exists within the nssyslogd.exe component which listens by default on UDP port 514. When parsing a new syslog message the process attempts to copy the PRIO field to an intermediate variable. The process does not properly validate the size of the destination buffer and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

GNUnet P2P Framework 0.9.0
http://packetstormsecurity.org/files/107436/gnunet-0.9.0.tar.gz
http://packetstormsecurity.org/files/107436/GNUnet-P2P-Framework-0.9.0.html
Thu, 01 Dec 2011 01:05:32 GMT
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

MS11-083 Denial Of Service
http://packetstormsecurity.org/files/106873/winnuke2011.sh.txt
http://packetstormsecurity.org/files/106873/MS11-083-Denial-Of-Service.html
Sat, 12 Nov 2011 00:44:26 GMT
MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in the TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.

Cisco Security Advisory 20110928-ipsla
http://packetstormsecurity.org/files/105393/cisco-sa-20110928-ipsla.txt
http://packetstormsecurity.org/files/105393/Cisco-Security-Advisory-20110928-ipsla.html
Wed, 28 Sep 2011 21:57:32 GMT
Cisco Security Advisory - The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.

EMC Ionix Products Buffer Overflow
http://packetstormsecurity.org/files/105141/ESA-2011-029.txt
http://packetstormsecurity.org/files/105141/EMC-Ionix-Products-Buffer-Overflow.html
Thu, 15 Sep 2011 18:39:44 GMT
Multiple EMC Ionix products contain a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially-crafted message over TCP or UDP to cause a denial of service or, possibly, execute arbitrary code.

Nmap Port Scanner 5.59BETA1
http://packetstormsecurity.org/files/102709/nmap-5.59BETA1.tgz
http://packetstormsecurity.org/files/102709/Nmap-Port-Scanner-5.59BETA1.html
Fri, 01 Jul 2011 13:25:47 GMT
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Ubuntu Security Notice USN-1133-1
http://packetstormsecurity.org/files/101662/USN-1133-1.txt
http://packetstormsecurity.org/files/101662/Ubuntu-Security-Notice-USN-1133-1.html
Wed, 25 May 2011 05:18:36 GMT
Ubuntu Security Notice 1133-1 - Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl.

Zero Day Initiative Advisory 11-168
http://packetstormsecurity.org/files/101482/ZDI-11-168.txt
http://packetstormsecurity.org/files/101482/Zero-Day-Initiative-Advisory-11-168.html
Tue, 17 May 2011 02:18:50 GMT
Zero Day Initiative Advisory 11-168 - This vulnerability allows remote attackers to register RPC services on vulnerable installations of EMC Legato Networker and IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The flaw exists within the librpc.dll component which listens by default on UDP port 111. When handling the pmap_set request the process verifies the source address is "127.0.0.1". This communication is via UDP and a valid source address is not required; a UDP packet from source address "127.0.0.1" can be created and sent to this service, allowing a remote attacker to register and unregister RPC services. A remote attacker can use this vulnerability to create a denial of service condition or eavesdrop on process communications.

Zero Day Initiative Advisory 11-166
http://packetstormsecurity.org/files/101279/ZDI-11-166.txt
http://packetstormsecurity.org/files/101279/Zero-Day-Initiative-Advisory-11-166.html
Tue, 10 May 2011 18:44:04 GMT
Zero Day Initiative Advisory 11-166 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the imcsyslogdm.exe component which listens by default on UDP port 514. When handling a syslog packet having a size larger than 2048 bytes the process attempts to exit. An exception handler is called that makes a call into a location that has been previously freed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Zero Day Initiative Advisory 11-165
http://packetstormsecurity.org/files/101278/ZDI-11-165.txt
http://packetstormsecurity.org/files/101278/Zero-Day-Initiative-Advisory-11-165.html
Tue, 10 May 2011 18:43:51 GMT
Zero Day Initiative Advisory 11-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling the opcode word of a packet the process uses this value as a lookup into a function pointer table. The process then calls into the calculated address. By supplying a large or invalid value a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.