Packet Storm new exploits for September, 2002.
72b57f8c0241e3393ea2b6135dbe42ba  CGI-Telnet 1.0, a CGI telnet script that runs on various Unix and NT web servers, has vulnerabilities which can be manipulated into giving a user access. The password file is accessible in the web path and passwords are kept DES encrypted.
5a370b31c3a81464a6d4fc140e949b83  Teolupus OpenSSL Exploiter is an automated OpenSSL vulnerability scanner able to find, log and exploit a server "without human intervention". It is based on Nebunu apscan2 but has many more targets. Includes openfuckv2 and openssl-too-open, both with more than 130 targets.
b05e333e5fa377ca6c476149ed50c8e9  Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Includes scanners. WARNING: The binaries in this archive are infected with the ELF_GMON.A virus, which sets up a backdoor on UDP port 3049. Updated by Ech0. Notice: Previous versions of this .tar.gz (before 3-11-03) had several binaries infected with the linux.osf.8759 virus. This tar contains both cleaned and infected binaries, with the cleaned ones running by default.
f210224fbf3fbc145f3e84ab7c844ed1  Zyxbrut.c is a brute force program written for the ZyXEL router telnet service.
aa0507fb1ed8677a43d8e629ad4d5380  Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x.
28b219ae719f042d7c7ce6eac9ef28bd  Mandrake 8.2 linuxconf local root exploit.
e617b71655e152bbee80aa2767e49ca1  Local Apache/PHP root exploit via a libmm temp file race (apache user -> root). Spawns a root shell from the apache user.
dcffeb448888592287ff24ca6be0c617  Unicode IIS exploit in Perl. Tries 20 ways.
b31f98e1ede92b439df11826c886cdd8  iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are detailed. A patch is available.
6b1f79ee66a3ac3df14ff5df61ce1de7  Buffer overflow exploit for gv v3.5.8 on Linux which creates the file /tmp/itworked when gv opens the PDF. Some mail readers use gv to view PDFs. Tested on Red Hat 7.3.
da9705f79a8782d078819470306ac5c0  Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Updated by Ech0 and ysbadaddn.
93c74bbed4fa5628590f8a08cc6a569d  Apache OpenSSL v0.9.6d mass scanner. When a vulnerable server is found, the exploit code is launched. Includes targets for Apache 1.3.6, 1.3.9, 1.3.12, 1.3.19, 1.3.20, 1.3.26, 1.3.23, and 1.3.14. Includes the openssl-too-open binary.
f56c7c14685cd643a637f60e42497615  Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Red Hat 7.2 and 7.3.
d7351358fc20587891f1f8c16b558242  Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1.
11b34ff9c52e9241262598028265afec  This exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP.
0ecb679470d57b48ec01e63e5ca67c13  This exploit abuses the KEY_ARG buffer overflow that exists in SSL-enabled Apache web servers compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on an early version of the apache-open-ssl exploit.
1be047c32ae0e2d1d8930d2ce4c4f7cc  vBulletin calender.php remote command execution exploit.
0569a0851a81caa5f67a940a3af6fe2d  Qute.pl is a Perl script which exploits a buffer overflow in Qstat 2.5b. Since Qstat is not SUID by default, this script is useless.
6182325164cd3e63f9c2688fa96bcc6f  iDEFENSE Security Advisory 09.23.2002 - A vulnerability exists in the latest version of the Dino Webserver that can allow an attacker to view and retrieve any file on the system.
c2e5dd5d49683b918059438a2f7d405a  AlsaPlayer contains a buffer overflow that can be used for privilege escalation when this program is setuid. Tested on Red Hat 7.3 Linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71.
d3864c1d3454e61a8246fa4e1966ac8f  Remote root exploit for Linux systems running Null httpd 0.5.0. Tested to work against Red Hat Linux 7.3.
88f53e3ca0b89baf95643a18cb9584bb  Linux proof of concept exploit for a local buffer overflow in GNU Awk 3.1.0-x.
9e653a0462e3f7ef60c123e9ca381c63  Compress v4.2.4 local test exploit for Linux systems.
599d99a8e14ed34f83f118d3d2d84799  Qstat 2.5b local root exploit for Linux. Tested on Debian GNU/Linux (Woody). Since Qstat is not SUID by default, this script is not useful for gaining more access to a Linux system.