Packet Storm new exploits for April, 2001.
65315bb0b6099178d43574302c335902Novell Border Manager Enterprise Edition 3.5 remote denial of service attack. Sends 256+ SYN's to TCP port 353.
8695675d22aea76b6602e26ae4c3856dAndrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server.
9ef96dcb8278ccd0ef665ec60ee9307dThe Unix versions of the PerlCal CGI script have vulnerabilities which allow website visitors to view any file on the webserver. Exploit URL included.
cafeef1792da9c0feaa60892b0c79d59Irix Netprint local root exploit. Exploits netprint's -n option. Tested on IRIX 6.2, but should work on other versions.
684f4fd7980f8cd288d4c7246a74c4e0A bug in FTP server v0.25 for Windows 9x/NT has a bug which allows remote users to download and view any file on the system.
c4ecb3963a8feb4c516a70dac3768fedHylafax (/usr/libexec/fax/hfaxd) format string local root exploit. Tested on hylafax-4.0pl2-2.
58b40d4fd0e65019435163abc426cf3bIIS Unicode graphical exploit for Windows. This is an updated version of Unisploit1.0-FireLust which has more cool stuff.
4ca0e18dabb297eb8a393895fadd22ceSecurax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit.
4be170b50c9398765369f520a2c6f949Securax / Hexyn Security Advisory #18 - Savant WWW Server is an HTTP server for Windows 9x/NT. A bug allows any user to change to any directory, and in most cases, execute MS-DOS commands.
6f9c9d6f54652ba826358cf13d935982Securax / Hexyn Security Advisory #17 - Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to any directory.
226bb3737e08888dbe5e63e5dda1af09Securax / Hexyn Security Advisory #16 - G6 FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to c:\ and sub directories.
270d0d0f482a3c8fd89332c222d6b825Securax / Hexyn Security Advisory #15 - G6 FTP Server is a popular FTP server for Windows 9x/NT. A bug allows any user to change to the directory G6 was installed in. Due to good programming, the only way to exploit this bug is by viewing the full installation path. Downloading the user-file (Users.ini) is impossible.
e39077c2d702f737ef80f3d3cfd316efTalkBack.cgi directory traversal remote exploit.
c1d3da4612b5f821a80c9c8926ac7f7aCfingerd prior to v1.4.2 remote root format string exploit. Includes information on finding offsets. Tested against Debian cfingerd v1.3.2, 1.4.0, 1.4.1, and RedHat 7.0 cfingerd 1.3.2.
b2014e7d2b6d5162f60557bb2a339a89Unidebug is another exploit for the begging-to-get-patched IIS unicode bug. Takes advantage of the DOS/Win debug.exe to create binary files on the remote site.
fc5d34b1372e206b79934199f9a5a707Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not typical exploit itself, it may be used in other exploits especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box you are vulnerable.
4526c231ea4ece969f1f44a5d9a5e543Removing the SUID bit from xlock causes enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, creating a blank .xlockrc, causing enter to be a valid password.
f33096b4c3b72a8ca3e83beb11d3f1e5Fancylogin 0.99.7 buffer overflow exploit. Fancylogin is usually not +s so this exploit isn't that dangerous. Tested on debian potato and kernel 2.2.18 and 2.2.19.
3c29e9932f23dde8a2b48ea4fecacfe4Security flaw in Linux 2.4 IPTables using FTP PORT - If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewalls rules, including the firewall itself. Advisory available here.
dc606a55a73d02a1ef5404918f11a2bdFreeBSD-4.2-Stable ftpd GLOB remote root exploit in perl. This version requires user access and writeable home dir without chroot.
21542904375f11b565ae7d3ffa7495ebDenial of Service in Microsoft ISA server v1.0 - Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted. Exploit URL's included.
fb36faae5492250e8401702bb8fed294OpenBSD 2.x remote root GLOB exploit w/ chroot break. It is possible to exploit an anonymous ftp without write permission under certain circumstances. This is most likely to succeed if there is a single directory somewhere with more than 16 characters in its name. With write permissions, one could easily create such a directory.
0ceb3de432d5884f607492fb8e4209ecGeorgi Guninski security advisory #42, 2001 - By double clicking from Window Explorer or Internet Explorer on filenames with innocent extensions the user may be tricked to execute arbitrary programs. If the file extension has a certain CLSID, then Windows explorer and IE do not show the CLSID and only the harmless looking extension. Demonstration available here.
b09db7120def52b6ad9852216e070876FreeBSD v4.2 ftpd remote root exploit. Uses a GLOB vulnerability. Requires an account on the machine. Compiles on FreeBSD, Linux, and Solaris. Includes information on finding offsets.
14c7eb1d7690679bec2bcaf582cce1af
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed