what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2002-12-24 to 2002-12-25

ms02-072
Posted Dec 24, 2002
Site microsoft.com

Microsoft Security Advisory MS02-072 - The Windows Shell has a serious buffer overflow in the routine that extracts attribute information from audio files which allows remote attackers to execute code with privileges of the user if you move your mouse pointer over an evil mp3 or wma file on a website, HTML email, or windows share. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email.

tags | remote, overflow, shell
systems | windows
SHA-256 | d86a95f6a915a23475420a215b6ed7ac33bc04fa7b4378da86a89d551b5dec4e
tcpreplay-1.3.1.tar.gz
Posted Dec 24, 2002
Site sourceforge.net

Tcpreplay v1.3.1 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

Changes: Fixes a packaging problem that caused compilation issues on non-Linux systems.
tags | tool, arbitrary, protocol, intrusion detection
systems | unix
SHA-256 | cf8d14f671a7bbaff3ba7dcbbce941821833128c0d1de99f99442e4fc9e3092a
Kaspersky_review_11_18.doc
Posted Dec 24, 2002
Site relevanttechnologies.com

A detailed vendor analysis on Kaspersky's line of anti-virus products.

tags | paper, virus
SHA-256 | dcd5658f03d58162c654ec662ebc8ed80ff8aeaeb4082e994de480a9d8077dc0
chkrootkit-0.38.tar.gz
Posted Dec 24, 2002
Authored by Nelson Murilo | Site chkrootkit.org

Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.

Changes: chkdirs.c added. chkproc.c improvements. Now includes slapper B, sebek LKM, LOC, and Romanian rootkit detection. new test added: trojan tcpdump. Minor bug fixes in the chkrootkit script.
tags | tool, integrity, rootkit
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | 05b375d49a739715ea4498dc8a321ce52be498a549605eb6d54a8b5313fadead
paketto-1.10.tar.gz
Posted Dec 24, 2002
Authored by Dan Kaminsky | Site doxpara.com

Paketto Keiretsu v1.10 implements many of the techniques described in recent here.

Changes: Now has OpenBSD and Solaris support. A new Distco mode actively discovers the distance to remote hosts by analyzing the TTL in returned TCP RST packets. Libnet was patched to pack its variables. Traceroute hopcount determination was improved.
systems | unix
SHA-256 | 13498ef49b79f95d1cbf4ebf15edde6b5cfdb5a67557b8060715b30fcab27b73
390portbind.c
Posted Dec 24, 2002
Site thc.org

s390 portbinding shellcode.

tags | shellcode
SHA-256 | 344e930b71df966fbc37c29847a265ae01cb92a42221e8d56a30396e45ffba56
390execve.c
Posted Dec 24, 2002
Site thc.org

Setuid/setgid 0 execve s390 shellcode.

tags | shellcode
SHA-256 | 65769f10c91ac451665b38642805acbc23ac57edac57f1edbba9271bc21c8f9d
390connectback.c
Posted Dec 24, 2002
Site thc.org

s390 shellcode which connects back to a listening netcat on port 31337 by default.

tags | shellcode
SHA-256 | b920ec83e92bca3076d999d7ea4500ee8983d04e6148747a27b9af19517eccf1
390chroot.c
Posted Dec 24, 2002
Site thc.org

s390 shellcode which breaks out of a chrooted environment with setuid / setgid.

tags | shellcode
SHA-256 | e3f9efa4615b4277df91dd3cff0774915e91ad53f73cef5f4c2c08ffd3ce05c7
mbof.c
Posted Dec 24, 2002
Authored by Innerphobia

Remote buffer overflow exploit for the melange chat server v1.10. Tested on SuSE 8.0 and Redhat 7.3.

tags | exploit, remote, overflow
systems | linux, redhat, suse
SHA-256 | 2ebf0d0384b1b15ad2931288e662c25760b2f664f21362f3c9bf4f12f2e1a27f
lsof_4.66.tar.gz
Posted Dec 24, 2002
Authored by Vic Abell

Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.

Changes: Implemented the HASNOSOCKSECURITY compile-time option which causes lsof to list only the user's open files, but will also list anyone else's open socket files, provided the "-i" option selects their listing. Added support for OpenBSD 3.2 and its kernel trace file. Improved lsof help (-h) and version (-v) information reporting. Upgraded True 64 UNIX support to the 5.1B release. Fixed a FreeBSD 4.7 and above off-by-two UNIX domain socket path termination bug.
tags | tool, intrusion detection
systems | unix
SHA-256 | db867d0e6e310e23da04844841f522950ee341f87a25a3aae55273ad35d9276d
burneye-1.0.1-src.tar.bz2
Posted Dec 24, 2002
Authored by teso | Site teso.scene.at

Burneye ELF encryption program 1.0.1 with full source and docs.

SHA-256 | c117ac7c00e0b953d484b0dd8e5b77ddc2954e0e0c1141a8773c681ea19aa56b
kadmin
Posted Dec 24, 2002

Krb 4-1.2 kadmind remote stack overflow remote root exploit for FreeBSD 4.x, BSD/OS 4.2, SUSE 8.0, OpenBSD 2.9 and 3.0, Slackware 8.0, and OpenWall 0.10.

tags | exploit, remote, overflow, root
systems | linux, freebsd, suse, bsd, slackware, openbsd
SHA-256 | c513133b6220f92e72287282cf3c8c7d473068419bbca7546a806fa93ef5a03d
telnetjuarez.c
Posted Dec 24, 2002
Authored by Leech

Fake Freebsd-4.6 remote telnetd setenv() heap overflow exploit which is very similar to 7350854.c.

tags | exploit, remote, overflow
systems | freebsd
SHA-256 | 07e888a3c669b4d4ce129cda0e38b2aa3279b9d87a5c25033370270aadc53308
cy.c
Posted Dec 24, 2002
Authored by Irian

Cyrus-imap v2.1.10 remote exploit. Tested against Slackware linux v8.0 with glibc-2.2.3 and kernel 2.4.19. Localhost IP is hard coded.

tags | exploit, remote, kernel, imap
systems | linux, slackware
SHA-256 | d60a10d34c05222525ab5cf814c721d41fde8727027687f8348116638be581ea
tcpdumpFBSD363.c
Posted Dec 24, 2002
Authored by Icesk

Tcpdump v3.6.3 remote root exploit. Tested against FreeBSD-4.6.

tags | exploit, remote, root
systems | freebsd
SHA-256 | c738ae09342cca2f263e6827dfaa5d34cca5a8098a2efa6c3adaa524156ad552
ifenslave.c
Posted Dec 24, 2002
Authored by v1pee//nerf | Site nerf.ru

Local /sbin/ifenslave buffer overflow exploit tested on Redhat 8.0.

tags | exploit, overflow, local
systems | linux, redhat
SHA-256 | b9e0e10a7a2ea847f5bc55ae0e24a42b4e1a28d15afff1711fff91baa314f29d
artyfarty.c
Posted Dec 24, 2002
Authored by Knight420

artyfarty.c is a local root /opt/kde/bin/artswrapper exploit tested against Slakware 8.1. Artswrapper is setuid on some distributions.

tags | exploit, local, root
SHA-256 | f9e583b433b0720faaf3c2b12a611faba7d90142b62ce3a2fceaf2691c89dc77
0x3a0x29wuim.c
Posted Dec 24, 2002
Authored by Dekadish

WU-IMAP v2000.287 linux/x86 remote root exploit. Tested against Debian 2.2. This code is also known as 7350owex.c.

tags | exploit, remote, x86, root, imap
systems | linux, debian
SHA-256 | 8df95acb30e9f414b6310ecf9b306c5f2adc266657fe297676044ba7ca022888
0x09wule.c
Posted Dec 24, 2002
Authored by Sunnyholer

0x09wule.c is a Linux/x86 wu-ftpd v2.6.2(1) remote root exploit. Tested against RedHat 7.2 running wu-ftpd-2.6.2(1) on the default install. Note: This exploit is reported to be old and does not work.

tags | exploit, remote, x86, root
systems | linux, redhat
SHA-256 | 502aea31745faeeab8856c6ce2be79e52527dc8975026f6c641587a3103b4baa
ES-Malaria.tar.gz
Posted Dec 24, 2002
Authored by electronicsouls, Brain Storm

ES-Malaria is a ptrace() injector.

tags | tool, rootkit
systems | unix
SHA-256 | 36d3fb1c48fc05a1b0e75c268e9fa73707421773ed806f8f0cb015c874a49a1e
hyperion.2.8.11.txt
Posted Dec 24, 2002
Authored by Securma Massine

The Hyperion FTP Server v2.8.11 and below for Windows 95/98/NT/2000 contains a buffer overflow in ftpservx.dll which allows remote code execution.

tags | advisory, remote, overflow, code execution
systems | windows
SHA-256 | a852a01717f525ea2029404cc63c43275bb34de7252eca8aec2116d4637f10b7
sneaky-sneaky-1.48.tar.gz
Posted Dec 24, 2002
Authored by phish

Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.

Changes: Now with delays, decoys, timeouts and spoofing options.
tags | tool, spoof, rootkit
systems | unix
SHA-256 | 68642e29c750a07324bbd4b41c47ada6295fab5d3d2fd03cca555ec48dd88322
iDEFENSE Security Advisory 2002-12-23.t
Posted Dec 24, 2002
Authored by Zen-Parse, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.

tags | advisory, overflow, local
systems | unix
SHA-256 | e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577
sara-4.1.3.tgz
Posted Dec 24, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added test for newdsn.exe, Microsoft IIS Executable File Parsing, Updated smb.sara to check for user enumeration, registry access, and guessable passwords, Updated to detect vulnerable mysql services, fixed bugs.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 8f025cf31750a12703c64a86eacd722bd5f5d51bb400edb7c5850782e15094d6
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close