Qmail-Scanner (previously known as scan4virus) is an addon that enables a Qmail email server to scan all gatewayed email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but it also enables a site to react (at a server/site level) to email that contains specific strings in particular headers, or particular attachment filenames or types.
124ce699954f47a4ad622d28bac3e15b7b0b779bfa4478b4f3000b4a54835b89
Debian Security Advisory - Hacksware reported a buffer overflow in the AFS packet parsing code in ethereal. Gerald Combs then found more overflows in the netbios and ntp decoding logic as well. An attacker can exploit those overflows by sending carefully crafted packets to a network that is being monitored by ethereal. This has been fixed in version 0.8.0-2potato and we recommend you upgrade your ethereal package immediately.
93f50aa785393b7baef6130cf1a2d807b98f2636af7cc8700005d24144d768a7
Rkit is a backdoor based on blackhole.c which listens on a TCP port and requires a password.
a3124941b9cd2c830b6ca68a4cb058ebbd58ddf9da9fe6b3682fdcf6017971cb
FreeVSD facilitates true Linux Virtual Servers within a 'chroot' environment, allowing Web servers and other applications to be deployed and administered discretely, without compromise to security. Each Virtual Server has its own IP address(es), Apache webserver, and view of the process table. FreeVSD expands the Linux system by creating a pseudo-'super user' (admin) for each Virtual Server. The admin user has the ability to create extra POP3/FTP and Telnet users and also administrate vital services such as the webserver.
e48052623b065d6b2bd38b85d3b0721e273a13c8ec359b973269e05d9232ca7e
CERT Quarterly Summary for November, 2000 - Since the last regularly scheduled CERT summary, issued in August (CS-2000-03), we have seen continued compromises via rpc.statd and FTPd. We have also seen a number of sites compromised by exploiting a vulnerability in the IRIX telnet daemon. Notable virus activity includes the Loveletter.as worm and the QAZ worm.
e8488c9895d8d674123d6fae983a30e4fa01369e7a25ab353192c987dd4546ee
CGIForum v1.0i (cgi-bin/cgiforum.pl) allows remote users to view any file on the system via a ../.. bug.
54a31d246b1ce0df322a76314cf66492c32c1c40d5388c5187fc9b897b0070fa
BitchX v1.0c16 remote exploit. Tested against Redhat 6.0, 7.0, and Debian 2.2.
f60db0f8af808e077c41cddcfbc5286c210560d141961d680824e2410e37b026
Glibc 2.1 + /bin/su local root exploit. Tested on Redhat 6.2, 6.1, and SuSE 6.2.
3b8551005bb76b0f86b59553d698f22a5a05b785634f1f4f7e8c60bdb0459e09
Red Hat Security Advisory - Ethereal prior to v0.8.14 allows remote root compromise.
08ce870b0a83f42cf086106e856eb6e7b15629e040e331549bfa6b3469222631
Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000.
5fd70a776c270907c1dab025d719f1bc0ed94cb93096e57c8d76c639e5402a46
Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overrun vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server - though this depends on how secure the web server's application is. Proof of concept code available here.
7a62c36595e25982e5eb61be78940b169d48a8771ddd9252d29796af5fbdf890
Atstake Security Advisory A120100-2 - This advisory details multiple vulnerabilities in Microsoft SQL Server 2000 that allow an attacker to run arbitrary code on the SQL server in the context of a local administrator account. SQL Server provides a mechanism by which a database query can result in a call into a function called an "extended stored procedure". Several extended stored procedures supplied with SQL Server 2000 are vulnerable to buffer overflow attacks. Furthermore, in a default configuration these extended stored procedures can be executed by any user. Proof of concept code available here.
ec739fab767d599a0ee58f32f2ff762f3b6dfc21601af5994abc47bc96a9b5ec
SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the c: drive. Requires a SQL username and password.
fee58ba23f9c0ccef37684361da716327f6fff17eb2a15ff91fee59fd97842a4
SuSE Security Advisory - Two security problems exist in the netscape packages shipped with SuSE Linux distributions. The first one involves improper verification in Netscape's jpeg processing code that can lead to a buffer overflow where data from the network can overwrite memory. The second involves an error in the java implementation in Netscape where it is possible for an attacker to view files and directories with the privileges of the user running Netscape if the user visits a maliciously crafted web site. Upgrade to 4.76!!! SuSE security site here
61dde4dec669baaf20d6eb539ece6a6596516754149c44442fa7f01e5e572dae
httpg.asm - uses the WinInet module to download and execute a file. Assembles to 432 bytes.
f38ce51f52b56093fdca364765ddee243705e2e14c1c55218b8c4b800850df8b
Microsoft Security Bulletin (MS00-091) - Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows NT 4.0 and a recommended workaround for Windows 95, 98, 98 Second Edition, and Windows Me. The vulnerability allows malicious users to pause networking or sometimes crash the entire system by sending a flood of specially malformed TCP packets to port 139. Microsoft FAQ on this issue available here.
ce5c2678c8cfc6835761849b44db34097dd30146db7d353cb1af43f7dc9c06ac
A-Snif is a simple packet sniffer, for learning.
68ca08c3d245a3407496e7357066f73bae641a99f872879772ea1639cea1f8dc
A backdoor that lets you reach root/user account shells over a TCP channel using a callback procedure initialized by an ICMP packet.
40e1119a0fca835029b7c2e85d6c6ccbafd0692913e49dbf4cb0fc3fcd93b5e6
A backdoor that allows you to keep remote access to a shell on a LAN protected by masquerading, getting around the inability of a non-public address to listen on a port reachable from the Internet.
29be45ccba804fa0c6bfb2986291c1421597806abbb6a883bcab55b5e7b39b05
Simple pcap dumper (just to learn how to use libpcap).
a93ec3a12606796270a47d4527dbb14a533534642b2fd820eeabd953bd8ab9a2
RIAL is an LKM-based rootkit which can hide processes, files, directories, LKMs, connections and file parts. While some of these are present in a large number of LKMs, connection and file-part hiding are new ideas, or at least I couldn't find any LKM which had them. All the processes, files, directories and LKMs containing in their name the string defined in HIDE are hidden. Reading from /proc/net/tcp is intercepted and the read data is filtered to hide some connections.
0f613b9d4f81d8b3f6acffc00433bc7a4e8b77ae76594327618483d6a1c8ee8f
Host Control Library (hcl) implements dynamic host-based control, giving apps rsh-like trust. Features the ability to learn and record a defined maximum number of hosts for users.
105ec761854e3c72f4132d42ce0543b589d559d2e638148f16cf6ed04be08913
4to6ddos is a distributed denial of service against IPv6 that works without installing IPv6 support. It shoots IPv6 encapsulated in IPv4 packets directly to the IPv4-to-IPv6 tunnels.
c0dbe725adf9a7ce51d22acf6661a36697b83d2a33a2cb06672b6a36c2282ce7
Route Faker adds an extra hop to the result when someone traceroutes to you.
c6e6b154dd1329f3c79d0ba9667393dd5417727c101e0755563ff9d899054002
FPF is an LKM for Linux which changes the TCP/IP stack in order to emulate another OS's TCP fingerprint. The package contains the LKM and a parser for the nmap file that lets you choose directly the OS you want.
bcc76c9851a69009bf74d505e657a312772e80b7ff657d12821a4290e44b1042