Packet Storm new exploits for April, 2000.
How AustNet's Virtual World was hacked to reveal users' real IP addresses. Slightly crippled demonstration code included. Lots of information on the AustNet hack available here.
Smart FTP v0.2 Beta denial of service.
fgets() is used unsafely in qpopper version 2.53.
Meeting Maker is a networked calendaring/scheduling software package estimated to be installed on over 700,000 desktops. Clients send passwords to a Meeting Maker server encoded with a polyalphabetic substitution cipher rather than encrypted, so anyone who can capture the traffic can recover them. The included perl script decodes passwords sent over the net.
/usr/bin/lpset vulnerability in Solaris/SPARC 2.7.
Red Hat 6.1 /usr/bin/man exploit.
Solaris 2.7 /usr/bin/lp local exploit, i386.
xsun2.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.
/usr/bin/lpset local root exploit for SPARC.
imwheel local root exploit (as discussed in RHSA-2000:016-02).
Vulnerability found in the DNEWSWEB CGI used for reading newsgroups from the web. It is possible to overflow the stack and read any file on the remote host with the web server's rights. All versions on all OSes are exploitable. An example that reads /etc/passwd on Linux is included. Fixed in dnews 5.4c1, available here.
dig v2.2 local buffer overflow exploit for x86 Linux. Note that dig is suid/sgid on some platforms and not on others; the overflow only gains privilege where it is.
imapd IMAP4rev1 v10.205 remote root exploit, Solaris x86. Exploits the AUTHENTICATE overflow, yielding a remote root shell.
rpc.nisd remote root overflow, Solaris 2.4 x86. Solaris 2.5.0 and 2.5.1 work with a different offset.
/usr/bin/lpset local root stack overflow for Solaris 7, x86.
xsun.c is a Solaris 7 x86 local root stack overflow for /usr/openwin/bin/Xsun.
FreeBSD mtr-0.41 local root exploit.
LCDproc is a system for displaying system information and other data on an LCD display using client/server communication. The server is vulnerable to a remote buffer overflow that allows an attacker to execute arbitrary code remotely or crash the LCDproc server. Patch available here.
Windowmaker 0.62.0 buffer overflow exploit. Although wmaker is not suid by default, this code overflows it through the $DISPLAY environment variable.
The Microsoft FrontPage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) is installed by default and has three vulnerabilities: it reveals the full path to the web root, it contains a buffer overflow that may allow remote code execution, and it can be used to access files on the server.
Novell NetWare 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
RUS-CERT Advisory 200004-01: GNU Emacs 20. Several vulnerabilities were discovered in all Emacs versions up to 20.6, including allowing unprivileged local users to eavesdrop on the communication between Emacs and its subprocesses, Emacs Lisp tempfile problems, and exposure of passwords through the history of recently typed keys. The following systems were tested vulnerable: Linux, FreeBSD (and probably other *BSD variants), HP-UX 10.x and 11.00, and AIX 4. Solaris and DG/UX are unaffected.
BindView RAZOR Team analysis of DVWSSR.DLL. The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough that system administrators responsible for NT systems should investigate. The risks depend on whether the DLL is loaded, how rights are set, and potentially how FrontPage 98 is used.
Panda Security 3.0 for Windows 95 and 98 can be bypassed. It is vulnerable to indirect registry key modifications, which allow Panda Security keys to be manipulated by any logged-on user. Because of missing system integrity checks, the entire software package can be uninstalled by a user. This zipfile contains demonstration exploit code.
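The Meeting Maker entry above illustrates a general point worth seeing in code: a polyalphabetic substitution cipher with a fixed key is an encoding, not encryption. An attacker who can capture one password they already know (for example, one from an account they created) recovers the whole key table by subtraction, and every other password on the wire then decodes directly. The following Python is an added example and is not the perl script from the listing, nor Meeting Maker's actual scheme: the key table, the additive substitution rule and the captured passwords are all hypothetical and constructed here, and the period-recovery step goes beyond the listing by not assuming the key length is known.

```python
"""Known-plaintext recovery against a fixed-key polyalphabetic
substitution cipher.  Toy cipher for illustration; NOT the Meeting
Maker scheme, whose key table and rule are not described on this page."""

# Hypothetical fixed key table standing in for whatever per-position
# substitution a client might hard-code.  Constructed for this example.
KEY = bytes([0x3A, 0x7F, 0x11, 0xC4, 0x58, 0x02, 0x9E, 0x6D])


def encode(plaintext: bytes, key: bytes = KEY) -> bytes:
    """Polyalphabetic substitution: byte i is shifted by key[i % len(key)].
    Stands in for the client side of the exchange."""
    return bytes((p + key[i % len(key)]) & 0xFF for i, p in enumerate(plaintext))


def decode(ciphertext: bytes, key: bytes) -> bytes:
    """Inverse of encode() once the key is known."""
    return bytes((c - key[i % len(key)]) & 0xFF for i, c in enumerate(ciphertext))


def recover_period(known_plain: bytes, known_cipher: bytes, max_period: int = 64) -> int:
    """Find the key length from one known (plaintext, ciphertext) pair.

    The per-byte shifts repeat with the key period, so the smallest period
    at which every shift equals the shift one period earlier is the key
    length.  The pair must be longer than the period, or the check is vacuous."""
    if len(known_plain) != len(known_cipher):
        raise ValueError("plaintext and ciphertext lengths differ")
    shifts = [(c - p) & 0xFF for p, c in zip(known_plain, known_cipher)]
    for period in range(1, min(max_period, len(shifts) - 1) + 1):
        if all(shifts[i] == shifts[i - period] for i in range(period, len(shifts))):
            return period
    raise ValueError("no repeating period found; a longer known pair is needed")


def recover_key(known_plain: bytes, known_cipher: bytes, period: int) -> bytes:
    """One known pair at least one period long yields the entire key table."""
    if len(known_plain) != len(known_cipher) or len(known_plain) < period:
        raise ValueError("need a known pair at least one key period long")
    return bytes((known_cipher[i] - known_plain[i]) & 0xFF for i in range(period))


# Constructed scenario: the attacker logs in with an account whose password
# they chose, captures that client's encoded password, then captures a
# victim's encoded password from the same network segment.
ATTACKER_PASSWORD = b"attacker-passwd1"          # 16 bytes, longer than the key
VICTIM_PASSWORD = b"Sp3cialM33ting!"             # unknown to the attacker


def attack_demo() -> bytes:
    """Recover the key from the attacker's own password, then decode the victim's."""
    captured_own = encode(ATTACKER_PASSWORD)      # as seen on the wire
    captured_victim = encode(VICTIM_PASSWORD)     # as seen on the wire
    period = recover_period(ATTACKER_PASSWORD, captured_own)
    key = recover_key(ATTACKER_PASSWORD, captured_own, period)
    return decode(captured_victim, key)


if __name__ == "__main__":
    print("recovered victim password:", attack_demo().decode())
```

The attack needs no knowledge of the key beyond a single known plaintext longer than the key, which is why "encoded" passwords of this kind should be treated as cleartext when assessing exposure on a shared network.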