what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2001-02-09

squirt.tar.gz
Posted Feb 9, 2001
Authored by BigHawk

Squirt is a perl tool for finding and exploiting local buffer overflow vulnerabilities which is very configurable and platform independent. It is possible to exploit almost any local overflow on any system by providing the correct values as arguments (or brute forcing them), telling the program how the overflow must be triggered, and by eventually loading (system specific) desired shellcode.

tags | overflow, local, perl, vulnerability, shellcode
systems | unix
SHA-256 | 88278cfb3fbfb29856c07040e2ffd772e5316987021af405e4424e3215848f04
ssh_bypass.txt
Posted Feb 9, 2001
Site openbsd.org

OpenBSD Security Advisory - OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication. This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either. Fix available here.

tags | protocol
systems | openbsd
SHA-256 | 68fbfb4c37fcf6a2ccb203e9d14a67d3faefbbe5b690c673b4d718c46e3d1004
adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
SHA-256 | 72f0b876373954999b3e48c286d832d9874353833141a0ee8db15f4cd9b2c873
ssh1_deattack.txt
Posted Feb 9, 2001
Site core-sdi.com

ORE SDI Security Advisory CORE-20010207 - SSH1 CRC-32 compensation attack detector vulnerability. In 1998 a design flaw was fixed in SSH1 which allowed an attacker to inject malicious packets into an SSH session. In fixing this bug, a new vulnerability in deattack.c was created which allows remote attackers to execute arbitrary commands on the server. OpenSSH prior to v2.3.0 is vulnerable, as are ssh.com's ssh-1.2.24 through 1.2.31, and F-Secure SSH-1.3.x.

tags | remote, arbitrary
SHA-256 | fdc00415fdba450c4d5644f7ad33db0ce3a7dd4e86d112d5602ed9d33c296ded
ssh1_sessionkey_recovery.txt
Posted Feb 9, 2001
Site core-sdi.com

CORE SDI Security Advisory CORE-20010116 - SSH protocol 1.5 session key recovery vulnerability. An attacker who obtains all the encrypted packets of a session can obtain the session key and decrypt the stored session, or even alter it if it is still active. Some SSH2 servers which fall back to SSH1 are also vulnerable. OpenSSH and SSH2 from ssh.com is not vulnerable.

tags | protocol
SHA-256 | a78ea5475621a69079002d160cd0ae72cd81f9445059bac41af7e7560de10a54
angst-0.4b.tar.gz
Posted Feb 9, 2001
Authored by Invisibl | Site angst.sourceforge.net

Angst is an active packet sniffer, based on libpcap and libnet. Dumps into a file the payload of all the packets received on the specified ports. Two methods of active sniffing are implemented - Angst is able to monitor ARP requests, and after enabling IP forwarding on the local host, it sends ARP replies mapping all IPs to the local MAC address. In addition, it has the ability to flood the local network with random MAC addresses (like macof), causing switches to send packets to all ports. Tested on Linux and Free/Net/OpenBSD. Readme available here.

tags | tool, local, sniffer
systems | linux, openbsd
SHA-256 | 249850a9a68c4357d938e509aae3008f25196a7c756185ea9bcc9f5793422a9a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close