Screen 3.9.5 and below local root exploit for Linux. Tested against SuSE 6.1.
b32cf02872905afa005ea30d36475fca569d44e349e023f5c0478a9e94373d11
GLIBC 2.1 language local root exploit. Includes bypassing Solar Designer Stack Patch. Tested against Debian 2.1/2.2, exploits Glibc and /usr/bin/msgfmt.
7595e563137275d49fd68534ecc6196a233a1a24803e1370fc47ba2aae3be20c
SuSE Security Advisory - The default package selection in SuSE distributions includes apache. The configuration file that comes with the package allows remote users to read the CGI script sources of the server, and WebDAV is installed by default with no access control or authentication activated.
f92847ba2aff6bdbefd20587d7b2ffb12c18a8eeec48d3170b3b886b024544ad
Red Hat Security Advisory - Several bugs were discovered in glibc which could allow local users to gain root privileges. The dynamic linker ld.so uses several environment variables like LD_PRELOAD and LD_LIBRARY_PATH to load additional libraries or modify the library search path. It is unsafe to accept arbitrary user-specified values of these variables when executing setuid applications, so ld.so handles them specially in setuid programs and also removes them from the environment.
c56e6a68d94a860ba61c14d5115dfc7beb33462dc20aa809eefbc8eac9ed1a58
Gopher 2.3.1p0 and below has many overflowable functions in the daemon. Most of them overflow with hardcoded data that gets passed along, making it impossible to change any pointers. The "halidate" function contains an exploitable buffer overflow - exploit code for Linux included. Note: This is not related to the other vulnerability, in authenticate.c, which has since been patched in 2.3.1p0. 2.3.1p0 is vulnerable to this.
c9a967732b2e2119e924d33a9e324290a5f84f712275f52f3cd713c43b128f87
Packet Storm new exploits for August, 2000.
718ee7d2e3df69fb7f87a6ba8e72c51df427674f5b91539e482479e963c37ccb
Helix Code Security Advisory - A vulnerability in Helix GNOME Update allows non-root users to exploit world-writable permissions on /tmp, permitting arbitrarily modified RPM packages to be installed on the system.
aeded11ecc986717940f3ea17245867e224b82196708139d8658b18fa93b426f
motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email, SMS messages, or invoke an external command when detecting motion.
430c6a7f743f91dd5a74fc44554634c0d0da5cfa5ebe61a40f41f38bdaf257bb
BNC 2.6.4 remote denial of service exploit. Denies service to all users who are connected to IRC through BNC by exhausting the resources of the BNC server.
2b404efc7917d8d05e17566fbbda6f862e58ad17893ed5aac38f790bba57dbeb
Linux Advisory Watch for September 8th, 2000. Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for glibc, screen, apache, and suidperl from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix.
58e4fa5accfb242abf0994a96a96bd8ca1fa2451c8d22c4f82165eca1089d646
CrucialADS v1.0 is a GUI-based Alternate Data Stream scanning tool. Crucial ADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories. NTFS files contain one primary stream and, optionally, one or more alternate data streams. The problem is that NT comes with no utilities that list any stream other than the primary stream in a file. When viewing a directory with Explorer, or using the dir command in cmd.exe, the information reported pertains to the primary stream only.
fcb5d7578d65029d6c0752c560951947acc45e678f0c390ee0e80a008283f550