what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2000-10-15

ipchains-firewall-1.7.2.tar.gz
Posted Oct 15, 2000
Authored by Ian Hall-Beyer | Site ipchains.nerdherd.net

ipchains-firewall is an easily-configurable shell script to establish masquerading and firewalling rules using ipchains. The package contains a script to establish firewalling for a single machine connected to the network without masquerading, a script to establish firewalling for a system acting as a router routing to non-private IP space, a script to establish firewalling and masquerading for a system acting as a router routing to private IP address space, and one to establish firewalling and masquerading for a system acting as a router, routing to multiple RFC1918 subnets over multiple interfaces. The distribution also includes a copy of midentd v1.6, to enable identd over the masqueraded network.

Changes: Some minor bugfixes and the LPD port is now blocked due to recent vulnerabilities.
tags | tool, shell, firewall
systems | linux
SHA-256 | 5d4362c8b0d04146e35bf5b931889a8d54acde3887c33b453a5c8caa85075aa9
iptables-firewall-0.99-beta.tar.gz
Posted Oct 15, 2000
Site firewall.langistix.com

iptables-firewall, like its older cousin ipchains-firewall, is an easily-configurable shell script to establish NAT and firewalling rules using iptables. The script self-configures out of the box for IP addresses, netmasks, and interfaces. All that is needed is a commandline specification of external and internal interface names. It automatically determines type of firewall to set up (standalone, routing, or NAT) based on interface IP addresses. The distribution also includes a copy of midentd, to enable identd over the masqueraded network.

tags | tool, shell, firewall
systems | linux
SHA-256 | 06f9468af9dd2d8bc1b425969fc36b49b732e5ade37c4074ae2c28b4ae540baa
snoopy-1.2.tar.gz
Posted Oct 15, 2000
Authored by Mike Baker

Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.

Changes: A fix for a very manacing bug.
systems | linux
SHA-256 | f74e6f6af72d2a400d679d8bc93728cd434905726ea4e09f0fd0c26ba20012b7
apache_1.3.14.tar.gz
Posted Oct 15, 2000
Site apache.org

Apache is the most popular webserver on the internet.

Changes: Mod_rewrite security fix, tightened up the syntax checking of Host: headers to fix a security bug in some mass virtual hosting configurations that can allow a remote attacker to retrieve some files on the system that should be inaccessible, uses "accept filtering" on recent versions of FreeBSD if the kernel is configured to support them, bug fixes and more portability.
systems | unix
SHA-256 | 399b4f0924bcbd989276eabec1a4ae4084d1d18ac9d4f70b42d7731c0f6483ed
openports-0.2.tar.gz
Posted Oct 15, 2000
Authored by Sven Darkman Michaels

OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.

Changes: Better log analysis, and printing of only the changes.
tags | tool, local, intrusion detection
systems | unix
SHA-256 | 60423aeb267755589f09cad6d8bc6946481531a2e80e144bc472f246a53e4ca8
Linux IPTables Firewall
Posted Oct 15, 2000
Authored by Netfilter Core Team | Site iptables.org

Iptables is built on top of netfilter: the new packet alteration framework for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects.

Changes: Matches are now compared in forwards order, IPv6 support was added. Bug fixes for Sparc and PPC.
tags | tool, firewall
systems | linux
SHA-256 | 21d19a9f48499609176d3b086ef3803a729cb2bba65dffc926a8bfae47afbb94
11logger-0.1.2.tar.gz
Posted Oct 15, 2000
Authored by Antirez | Site kyuzz.org

11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.

tags | kernel
systems | linux
SHA-256 | 16a2deda4d7f22cac71d863f6d93c04fc6abe8da405674697924aa3cc2d3ff4b
Hacking UNIX For Beginners
Posted Oct 15, 2000
Authored by Slash | Site securologix.com

Hacker Resource

tags | paper
systems | unix
SHA-256 | d3373e3085eee17158efbab065b64284edf383a1820f996100892f19c3b732d6
axsploit.pl
Posted Oct 15, 2000
Authored by Xcript | Site rhs-ck.com

AnalogX 1.1 contains remotely exploitable buffer overflows, as reported in USSR Advisory #29. This perl script will crash the server.

tags | denial of service, overflow, perl
SHA-256 | 1bdccecd24f11ee629b770cad98d4f87a53a2f4ce8e4179a6711e1acf4e37d8f
gdmurder.txt
Posted Oct 15, 2000
Site dragon.hack.tc

GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.

tags | exploit, denial of service, local, root
systems | linux, redhat
SHA-256 | 0152f01fe95821ca442a86d5040d00c6f94af97c5ed3d54f2c0d85ef0541b8d8
srm-1.2.0.tar.gz
Posted Oct 15, 2000
Authored by Matthew Gauthier | Site srm.sourceforge.net

secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Changes: This should be a final stable release unless more bugs are found.
systems | unix
SHA-256 | f25e260715bd4a2ebcbf96ed0aa7f9a18588ee6b7f47e00811becd149b4e028c
Unverified_Fields_1.0.pdf
Posted Oct 15, 2000
Authored by Ofir Arkin | Site sys-security.com

The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today, will not authenticate the validity of certain protocol fields within the packet they are processing. The risk is exposure of information, mainly unique patterns of behavior produced by the probed machines answering our crafted queries. Those patterns will help a malicious computer attacker to identify the operating systems in use. Postscript version available here.

tags | paper, protocol
SHA-256 | 01f95aa24a6313bdb216740349840e313f3e263f418774043ced01d6a4d91d56
debian.php4.txt
Posted Oct 15, 2000
Site debian.org

Debian Security Advisory - In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server.

tags | web, php
systems | linux, debian
SHA-256 | e031d1ac0242a6c7e919fe15518e47dc9411ec40b6e045152efdfb901bee5c15
debian.php3.txt
Posted Oct 15, 2000
Site debian.org

Debian Security Advisory - In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.

tags | web, php
systems | linux, debian
SHA-256 | dd9e1294b5f3f1834b54ecd3f83b50d6ee1121239f0aae1a9014b88f4d4ea474
debian.nis.txt
Posted Oct 15, 2000

The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems which have been fixed in version 3.5-2. We recommend you upgrade your nis package immediately. Debian security homepage here.

systems | linux, debian
SHA-256 | e31ce655c74265d1033cb65a4ab3ff5b2e5a6f8d377f54600b58b8ad993a51f2
ms00-077
Posted Oct 15, 2000

Microsoft Security Bulletin (MS00-077) - Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Windows 2000 and is also available for Windows NT 4.0. The vulnerability allows a malicious user to deny service to a NetMeeting server. Microsoft FAQ on this issue available here.

systems | windows
SHA-256 | 3c668e9e0ef4c2472401d28101f1e4541a99dd6185589b9f9706e5803eb6eb01
debian.curl.txt
Posted Oct 15, 2000
Site debian.org

Debian Security Advisory - The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could be exploited by the remote machine by returning an invalid response to a request from curl which overflows the error buffer and trick curl into executing arbitrary code.

tags | remote, overflow, arbitrary
systems | linux, debian
SHA-256 | b4546e53189726ce86a3b698d2a39926c6eabfb3a4c4ab5225418a919e65a44a
FreeBSD Security Advisory 2000.57
Posted Oct 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:57 - The muh port, an IRC bouncer, versions 2.05c and below contains a vulnerability which allows remote users to gain the privileges of the user running muh. This is accomplished by sending a carefully crafted exploit string containing string format operators to a user using muh but who is not connected. When the user reconnects and executes '/muh read', muh will allow the remote attacker to execute arbitrary code as the local user.

tags | remote, arbitrary, local
systems | freebsd
SHA-256 | 8f36eb60edcb01ea36fa29e159e50ecf301ee4326c181259fc41a4249d047569
FreeBSD Security Advisory 2000.56
Posted Oct 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:56 - The LPRng port, versions prior to 3.6.24, contains a vulnerability in syslog() which allows remote and local root compromise.

tags | remote, local, root
systems | freebsd
SHA-256 | 383a13988913ece81c3d550a90cc2d095ebcae22e3dc9547ad51506fae541281
FreeBSD Security Advisory 2000.55
Posted Oct 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:55 - The xpdf port, a PDF viewer for X, contains a race condition which allows local users to overwrite arbitrary files as the user running xpdf. Additionally no shell metacharacter checking is done when visiting URLs.

tags | arbitrary, shell, local
systems | freebsd
SHA-256 | fffc0e765e6068b8f2afe53e82d8918165e1e3bcbe5fa3d10ea50b7380a44a68
FreeBSD Security Advisory 2000.54
Posted Oct 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:54 - Shortly before the release of FreeBSD 4.1.1, code was added to finger(1) intended to allow the utility to send the contents of administrator-specified files in response to a finger request. However the code incorrectly allowed users to specify a filename directly, the contents of which would be returned to the user.

systems | freebsd
SHA-256 | 4b5af2dc80b56a25748f70615e7b9bee970529fb40be4967c4a47cf39c2e6d1e
debian.traceroute.txt
Posted Oct 15, 2000
Site debian.org

Debian Security Advisory - In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.

tags | local, root
systems | linux, debian
SHA-256 | 96b99378a5e3df437c75a80827f0afcb8530f3b641e7bacf61037b6d1b4673a8
ms00-076
Posted Oct 15, 2000

Microsoft Security Bulletin (MS00-076) - Microsoft has released a patch that eliminates the "Cached Web Credentials" security vulnerability in Internet Explorer, which allows malicious users to obtain another user's userid and password to a web site. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | da1c3e8d0916bf749858b704179dabc4b0d8870ddade71fd331d032ce13a8ede
SLA-17.Anaconda.txt
Posted Oct 15, 2000
Authored by synnergy, Kostas Petrakis | Site synnergy.net

Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a yahoo style search engine based on the Open Directory Project allows remote users to traverse the webservers filesystem, allowing arbitary files to be read by appending a trailing NULL byte in URL encoded format. Exploit URL included.

tags | exploit, remote
systems | linux, unix
SHA-256 | 114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840
GMCreator-v0.2.zip
Posted Oct 15, 2000
Authored by 6 Inch Taint

Godmessage Creator allows you to implement the Godmessage IV activeX attack with any binary you supply. Archive password is set to p4ssw0rd. Use at your own risk.

Changes: Max file size increased to 26000 bytes, Optimized godmessage code, remove unnessisary chars to make file smaller and raise onz.exe size limit, the ability to dynamically create godmessage from user supplied html file.
tags | trojan, activex
SHA-256 | 05516f6b41a3b42bf1118a69b356c3c549d89a355493f0ccc97d4bda177ac489
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close